W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

DNS Caching

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 24 Jan 2012 18:44:43 +0100
Message-Id: <82A561D3-78EB-4778-8C33-E78F23F2F3A4@bblfish.net>
Cc: rzeno Zeno <ruset.zeno@gmail.com>
To: WebID Incubator Group WG <public-xg-webid@w3.org>

I discovered an issue with DNS caching that has been mentioned but that 
we have  not explored very far. It came up for me in Java, and I will explain
the results of my work for that language here, but that is something that 
should interest all other  implementations as it could manifest itself in 
different forms there.

Russet Zeno has a server with a dynamic ip address that changes quite 
regulary. He was having trouble authenticating with 
http://foafssl.org/srv/idp after he changed ip address. This could
well be an issue that props up more regularly if we get Freedom Boxes
with dynamic IPs joining.

It turns out that Java for security reasons caches all ip addresses.
This can be changed by setting properties as explained in a number of
places, such as:

 - http://javaeesupportpatterns.blogspot.com/2011/03/java-dns-cache-reference-guide.html
 - http://www.rgagnon.com/javadetails/java-0445.html
 - http://docs.oracle.com/javase/7/docs/technotes/guides/net/properties.html

So I am going to see if the following addition helps [1]

    24   java.security.Security.setProperty("networkaddress.cache.ttl" , ""+60*10); //3 minutes
    25   java.security.Security.setProperty("networkaddress.cache.negative.ttl",""+60*3)

 It would be very interesting to have feedback on this from others. Building 
a test suite for this is going to be quite difficult, so here we probably need 
to be aware of the problem and keep each other up to date on what is the
right thing to do.

  I think this then also brings up an interesting topic that we could explore
next is support of DNSSEC.

	Henry 

[1] https://dvcs.w3.org/hg/read-write-web/rev/951fc773c9be


Social Web Architect
http://bblfish.net/
Received on Tuesday, 24 January 2012 17:45:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 24 January 2012 17:45:24 GMT