Caching behaviour of InetAddress

2008-02-18 Thread Andreas Plesner Jacobsen
I've recently been introduced to the caching behaviour of InetAddress, and I think it may be improved. The javadoc reads: The InetAddress class has a cache to store successful as well as unsuccessful host name resolutions. The positive caching is there to guard against DNS spoofing attacks; wh

Re: Caching behaviour of InetAddress

2008-02-18 Thread Alan Bateman
Andreas Plesner Jacobsen wrote: I've recently been introduced to the caching behaviour of InetAddress, and I think it may be improved. The javadoc reads: The InetAddress class has a cache to store successful as well as unsuccessful host name resolutions. The positive caching is there to guard

Re: Caching behaviour of InetAddress

2008-02-18 Thread Andreas Plesner Jacobsen
Alan Bateman wrote: Alan, The specification could be improved but changing InetAddress.getByName to return a random address is a significant change that could break existing applications. It might be better to define a new method, perhaps "getAnyByName", that randomly chooses one of the cache

Re: Caching behaviour of InetAddress

2008-02-18 Thread Andreas Plesner Jacobsen
Alan Bateman wrote: Alan, I don't think it's a significant change, since that's how getByName() acts when the cache entries time out, so changing it would make it act a lot more consistently. Actually, I think it's worth debating whether or not InetAddress should cache lookups at all, I thi

Re: Caching behaviour of InetAddress

2008-02-18 Thread Alan Bateman
Andreas Plesner Jacobsen wrote: : I don't think it's a significant change, since that's how getByName() acts when the cache entries time out, so changing it would make it act a lot more consistently. Actually, I think it's worth debating whether or not InetAddress should cache lookups at all

Re: Caching behaviour of InetAddress

2008-02-18 Thread John Pritchard
a) The java.net cache is replicating the NSCD (OS caching), which is the appropriate layer for this kind of caching.
b) If a security policy requires a kind of caching, then the replaceable and extensible security manager architecture should be used for this.
On 2/18/08, Andreas Plesner Jacobse

Re: Caching behaviour of InetAddress

2008-02-18 Thread Florian Weimer
* Alan Bateman:
> Search for a ~1996 paper on DNS spoofing attacks from Princeton
> University as that gives useful background on this topic and is the
> original reason for the caching.

That paper is probably out of date by now. Interaction of expiry and poisoning hasn't been fully understood b

Re: Caching behaviour of InetAddress

2008-02-18 Thread Alan Bateman
Andreas Plesner Jacobsen wrote: : Thanks for the background info. Incidentally, that brings us to a third inconsistent operating mode of getByName(), so we're up to three different behaviours:
1. When running under a security manager, we cache forever
2. When not running under a security mana