Andreas Plesner Jacobsen wrote:
:
I don't think it's a significant change, since that's how getByName()
acts when the cache entries time out, so changing it would make it act
a lot more consistently.
Actually, I think it's worth debating whether or not InetAddress
should cache lookups at all, I think it's more fitting to delegate
that to the underlying OS.
Search for a ~1996 paper on DNS spoofing attacks from Princeton
University as that gives useful background on this topic and is the
original reason for the caching. When a security manager is set then it
caches forever and getByName will always return the same address. There
was some capitulation on this topic in jdk6 so that it doesn't cache
forever when there isn't a security manager. There was analysis done at
the time on the implications of the change but I don't know if that
included changing the behavior of the getByName method (Michael?).
-Alan.
