java.net.SocketPermission.implies(Permission p) specification is as follows.
##################################################################################
Checks if this socket permission object "implies" the specified permission.
More specifically, this method first ensures that all of the following are true (and returns false if any of them are not):
- p is an instanceof SocketPermission,
- p's actions are a proper subset of this object's actions, and
- p's port range is included in this port range. Note: port range is ignored when p only contains the action, 'resolve'.
Then implies checks each of the following, in order, and for each returns true if the stated condition is true:
- If this object was initialized with a single IP address and one of p's IP addresses is equal to this object's IP address.
- If this object is a wildcard domain (such as *.sun.com), and p's canonical name (the name without any preceding *) ends with this object's canonical host name. For example, *.sun.com implies *.eng.sun.com.
- If this object was not initialized with a single IP address, and one of this object's IP addresses equals one of p's IP addresses.
- If this canonical name equals p's canonical name.
If none of the above are true, implies returns false.
####################################################################################
- The specified target hostname resolves to two IP addresses (always the same address pair).
- The DNS-resolved order of the two IP addresses changes (typical load balancer behavior).
- The CNAMEs of the two IP addresses differ.
- The SocketPermission class (in its void getIP() method) internally resolves the hostname and saves only the first resolved IP address, not all of the resolved IP addresses.
- Depending on when the implying and implied SocketPermission hostnames are resolved, the order of the resolved addresses differs and the internally saved IP addresses do not match, so SocketPermission#implies() returns false.
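
The conditions listed above, as an added example that is not the JDK's code: a simplified model (Java 16+) of the address and canonical-name checks, showing the comparison failing once the resolver rotates the address order. The class, its method names, the host names and the addresses are constructed for illustration; the action and port-range checks are omitted.

```java
import java.util.List;

// Simplified model of the two checks that matter here; NOT the JDK source.
// All names and addresses below are constructed for illustration.
public class ImpliesOrderDemo {

    // One resolver answer: addresses in the order returned, plus the
    // canonical name associated with each address (same index).
    record Answer(List<String> addrs, List<String> cnames) {}

    // Behaviour described in the report: only the first resolved address
    // (and therefore only its canonical name) is kept per permission.
    static boolean impliesFirstOnly(Answer self, Answer other) {
        if (self.addrs().get(0).equals(other.addrs().get(0))) {
            return true;
        }
        // Last rule of the specification: compare canonical names.
        return self.cnames().get(0).equals(other.cnames().get(0));
    }

    // Behaviour the specification text states: "one of this object's IP
    // addresses equals one of p's IP addresses".
    static boolean impliesAnyAddress(Answer self, Answer other) {
        for (String a : self.addrs()) {
            if (other.addrs().contains(a)) {
                return true;
            }
        }
        return self.cnames().get(0).equals(other.cnames().get(0));
    }

    public static void main(String[] args) {
        // Same host, same address pair, resolved at two different times;
        // the load balancer rotated the order between the two lookups.
        Answer t0 = new Answer(List.of("192.0.2.10", "192.0.2.11"),
                List.of("node-a.example.test", "node-b.example.test"));
        Answer t1 = new Answer(List.of("192.0.2.11", "192.0.2.10"),
                List.of("node-b.example.test", "node-a.example.test"));

        System.out.println("first-only, same order:     " + impliesFirstOnly(t0, t0));
        System.out.println("first-only, rotated order:  " + impliesFirstOnly(t0, t1));
        System.out.println("any-address, rotated order: " + impliesAnyAddress(t0, t1));
    }
}
```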
Links to: Review openjdk/jdk/1916