Summary
It should be possible to keep using stale DNS records from the cache in the "java.net.InetAddress" class when the DNS server is down.
Problem
At the moment the cache in the "java.net.InetAddress" class can be configured by the application using the following two properties:
(1) "networkaddress.cache.ttl" (default: 30 sec) - cache policy for successful lookups
(2) "networkaddress.cache.negative.ttl" (default: 10 sec) - cache policy for negative lookups
The default timeout for positive responses is good enough to "have recent DNS records" and to "minimize the number of requests to the DNS server".
But the cache for negative responses is problematic. Caching a negative response means that for 10 seconds the application will not be able to connect to the server, even when the lookup failed only because the DNS server was unreachable rather than because the name does not exist.
Solution
When the TTL of a record expires we request new data from the server. If this request succeeds we update the record; if it fails we continue to use the cached (stale) data until the next refresh attempt.
The new feature will be controlled by the new security property "networkaddress.cache.stale.ttl" and the new Java system property "sun.net.inetaddr.stale.ttl". The value is specified as an integer indicating the number of seconds that stale DNS names will be kept in the cache of the "java.net.InetAddress" class.
The system property is used only if the security property is not set. This mirrors how the existing properties "networkaddress.cache.ttl" and "sun.net.inetaddr.ttl" work.
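As an added illustration (not JDK code and not part of the CSR), the following small model shows the behaviour described above: the security-property-then-system-property fallback, the "0 or unset means no stale names, negative ignored" rule, and a cache entry that is served fresh, refreshed when the TTL expires, and served stale only while a refresh fails. The class and method names are hypothetical, and the stale window is assumed to be measured from the time the entry was stored, matching the "cached for 1 day, refreshed every 30 seconds" example in the specification.

```java
import java.security.Security;
import java.time.Duration;
import java.time.Instant;
import java.util.List;
import java.util.Optional;
import java.util.function.Supplier;

// Hypothetical model of the stale-name policy proposed in this CSR; not the JDK's implementation.
public final class StaleNamePolicyDemo {

    /** Stale TTL in seconds: the security property wins, the system property is the fallback. */
    static int staleTtlSeconds() {
        String v = Security.getProperty("networkaddress.cache.stale.ttl");
        if (v == null) v = System.getProperty("sun.net.inetaddr.stale.ttl");
        if (v == null) return 0;                                   // not set: do not use stale names
        try {
            return Math.max(0, Integer.parseInt(v.trim()));        // negative values are ignored (treated as 0)
        } catch (NumberFormatException e) {
            return 0;
        }
    }

    /** A cached positive answer together with the time it was stored. */
    record Entry(List<String> addresses, Instant storedAt) {}

    /**
     * Decides what to hand to the caller for a name with an existing cache entry.
     * positiveTtl = networkaddress.cache.ttl, staleTtl = networkaddress.cache.stale.ttl (seconds).
     * lookup performs the real DNS query and returns empty when the query fails.
     */
    static Optional<List<String>> resolve(Entry cached, int positiveTtl, int staleTtl,
                                          Instant now, Supplier<Optional<List<String>>> lookup) {
        long age = Duration.between(cached.storedAt(), now).getSeconds();
        if (age < positiveTtl) {
            return Optional.of(cached.addresses());               // fresh: no query needed
        }
        Optional<List<String>> refreshed = lookup.get();          // TTL expired: try to refresh
        if (refreshed.isPresent()) {
            return refreshed;                                     // success: caller replaces the entry
        }
        // Refresh failed: keep serving the stale answer while inside the stale window (assumption: from storedAt).
        return age < staleTtl ? Optional.of(cached.addresses()) : Optional.empty();
    }

    public static void main(String[] args) {
        Entry e = new Entry(List.of("192.0.2.10"), Instant.parse("2023-01-01T00:00:00Z")); // constructed sample
        Instant later = e.storedAt().plusSeconds(120);           // well past the 30 s positive TTL
        System.out.println(resolve(e, 30, 86400, later, Optional::empty)); // DNS down, stale TTL 1 day: old address
        System.out.println(resolve(e, 30, 0, later, Optional::empty));     // no stale policy: the failure propagates
    }
}
```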
Specification
Link for convenience: https://github.com/openjdk/jdk/pull/13285/files
src/java.base/share/classes/java/net/InetAddress.java
@@ -191,9 +192,9 @@
* <p> If the default behavior is not desired, then a Java security property
* can be set to a different Time-to-live (TTL) value for positive
* caching. Likewise, a system admin can configure a different
- * negative caching TTL value when needed.
+ * negative caching TTL value when needed or extend the usage of the stale data.
*
- * <p> Two Java security properties control the TTL values used for
+ * <p> Three Java security properties control the TTL values used for
* positive and negative host name resolution caching:
*
* <dl style="margin-left:2em">
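Review bot: the rewritten sentence at `+ * <p> Three Java security properties control the TTL values used for` still continues with "positive and negative host name resolution caching", so the count no longer matches the description; suggest "positive, negative and stale host name resolution caching". The added phrase "or extend the usage of the stale data" in the preceding line is awkward; "or allow stale data to be used after the TTL expires" states the same thing more plainly.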
@@ -205,6 +206,24 @@
* <p>
* A value of -1 indicates "cache forever".
* </dd>
+ * <dt><b>networkaddress.cache.stale.ttl</b></dt>
+ * <dd>Indicates the caching policy for stale names. The value is specified as
+ * an integer to indicate the number of seconds that stale names will be kept in
+ * the cache. A name is considered stale if the TTL has expired and an attempt
+ * to lookup the host name again was not successful. This property is useful if it is preferable to use a
+ * stale name rather than fail due to an unsuccessful lookup. The default
+ * setting is to cache for an implementation specific period of time.
+ * <p>
+ * If the value of this property is larger than "networkaddress.cache.ttl" then
+ * "networkaddress.cache.ttl" will be used as a refresh interval of the name in
+ * the cache. For example, if this property is set to 1 day and
+ * "networkaddress.cache.ttl" is set to 30 seconds, then the positive response
+ * will be cached for 1 day but an attempt to refresh it will be done every
+ * 30 seconds.
+ * <p>
+ * A value of 0 (zero) or if the property is not set means do not use stale
+ * names. Negative values are ignored.
+ * </dd>
* <dt><b>networkaddress.cache.negative.ttl</b> (default: 10)</dt>
* <dd>Indicates the caching policy for un-successful name lookups
* from the name service. The value is specified as an integer to
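Review bot: the new `<dd>` gives two different defaults: "The default setting is to cache for an implementation specific period of time" and, a few lines later, "A value of 0 (zero) or if the property is not set means do not use stale names". Only one can be right; since the java.security hunk documents the default as 0 (NEVER), the "implementation specific" sentence should be dropped or changed to say the default is 0. Minor: "to lookup" should be "to look up", and "implementation specific" should be hyphenated as it is in the net-properties.html hunk.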
src/java.base/share/classes/java/net/doc-files/net-properties.html
@@ -267,13 +267,21 @@ <H2>Address Cache</H2>
policy, while a value of 0 (zero) means no caching. The default value
is -1 (forever) if a security manager is installed, and implementation-specific
when no security manager is installed.</P>
+ <LI><P><B>{@systemProperty networkaddress.cache.stale.ttl}</B> (default: see below)<BR>
+ Value is an integer corresponding to the number of seconds that stale names
+ will be kept in the cache. A name is considered stale if the TTL has expired and an attempt
+ to lookup the host name again was not successful. This property is useful if it is
+ preferable to use a stale name rather than fail due to an unsuccessful lookup.
+ A value of 0 (zero) or if the property is not set means do not use stale
+ names. Negative values are ignored.
+ The default value is implementation-specific.</P>
<LI><P><B>{@systemProperty networkaddress.cache.negative.ttl}</B> (default: {@code 10})<BR>
Value is an integer corresponding to the number of seconds an
unsuccessful name lookup will be kept in the cache. A value of -1,
or any negative value, means “cache forever”, while a
value of 0 (zero) means no caching.</P>
</UL>
-<P>Since these 2 properties are part of the security policy, they are
+<P>Since these 3 properties are part of the security policy, they are
not set by either the -D option or the {@code System.setProperty()} API,
instead they are set as security properties.</P>
<a id="Unixdomain"></a>
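Review bot: the new `<LI>` says "(default: see below)" and closes with "The default value is implementation-specific", while the same entry says an unset property means "do not use stale names" and the java.security hunk ships `#networkaddress.cache.stale.ttl=0` with "default value is 0 (NEVER)". Suggest stating the value inline like the neighbouring entries, e.g. "(default: {@code 0})", and replacing the last sentence with "The default value is 0, i.e. stale names are not used." Minor: "to lookup" should be "to look up".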
src/java.base/share/conf/security/java.security
@@ -357,6 +357,17 @@ ssl.TrustManagerFactory.algorithm=PKIX
#
#networkaddress.cache.ttl=-1
+#
+# The Java-level namelookup cache stale policy:
+#
+# any positive value: the number of seconds to use the stale names
+# zero: do not use stale names
+# negative values are ignored
+#
+# default value is 0 (NEVER).
+#
+#networkaddress.cache.stale.ttl=0
+
# The Java-level namelookup cache policy for failed lookups:
#
# any negative value: cache forever
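Review bot: "negative values are ignored" in the new comment block does not say what happens instead; make the effect explicit, e.g. "negative values are treated as 0 (stale names are not used)", so the property file agrees with the Javadoc and net-properties.html. The block also says nothing about the interaction with networkaddress.cache.ttl that the Javadoc hunk describes (a stale TTL larger than cache.ttl leaves cache.ttl as the refresh interval); a one-line pointer would help an administrator who only edits this file.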
CSR of: JDK-8304885 Reuse stale data to improve DNS resolver resiliency (Resolved)