Coldfusion Hostname Resolution and Caching

I just ran across this issue again: CFHTTP requests to a hostname work from one Coldfusion server but not from another. By default, the JVM caches hostname-to-IP-address resolutions forever. This means that if your local DNS server has a host name mytest.mydomain.com that resolves to 127.0.0.1, every CFHTTP request (or CFFTP, CFLDAP, CFINVOKE) to mytest.mydomain.com after the first one will resolve to 127.0.0.1. If you later change the DNS entry to resolve to a different IP, Coldfusion never picks up the change and keeps trying the old IP address until you restart Coldfusion.

You can change the caching policy by editing the networkaddress.cache.ttl value in the cf_root\runtime\jre\lib\security\java.security config file.

InetAddress Caching

The InetAddress class has a cache to store successful as well as unsuccessful host name resolutions. The positive caching is there to guard against DNS spoofing attacks; while the negative caching is used to improve performance.

By default, the result of positive host name resolutions are cached forever, because there is no general rule to decide when it is safe to remove cache entries. The result of unsuccessful host name resolution is cached for a very short period of time (10 seconds) to improve performance.

Under certain circumstances where it can be determined that DNS spoofing attacks are not possible, a Java security property can be set to a different Time-to-live (TTL) value for positive caching. Likewise, a system admin can configure a different negative caching TTL value when needed.

Two Java security properties control the TTL values used for positive and negative host name resolution caching:

networkaddress.cache.ttl (default: -1)
Indicates the caching policy for successful name lookups from the name service. The value is specified as an integer to indicate the number of seconds to cache the successful lookup.

A value of -1 indicates "cache forever".

networkaddress.cache.negative.ttl (default: 10)
Indicates the caching policy for unsuccessful name lookups from the name service. The value is specified as an integer to indicate the number of seconds to cache the failure for unsuccessful lookups.

A value of 0 indicates "never cache".
A value of -1 indicates "cache forever".
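The edit described above (changing networkaddress.cache.ttl and networkaddress.cache.negative.ttl in java.security) is easy to get wrong by hand, because the stock file usually carries the positive TTL only as a commented-out default. The script below is an added example, not code from the original post or from Adobe: it reports the effective value of either property (ignoring commented-out lines) and sets a new value in place or appends it, keeping a .bak copy. The function names are my own, the java.security content it writes is constructed sample data, and the path is passed in by the caller; the path on the page (cf_root\runtime\jre\lib\security\java.security) is a Windows path, so this is meant for Unix-hosted Coldfusion installs.

```shell
#!/bin/sh
# Added example (not from the original post): inspect and change the JVM
# DNS cache TTL properties in a java.security file. Function names and the
# sample file contents are constructed for this demo.

# Write a constructed java.security fragment: the positive TTL is present
# only as a commented-out default, the negative TTL is set explicitly.
make_sample_java_security() {
  cat > "$1" <<'EOF'
# constructed java.security fragment (sample data, not a real file)
#networkaddress.cache.ttl=-1
networkaddress.cache.negative.ttl=10
EOF
}

# Print the effective value of a property. Commented-out lines do not count,
# so a property that is not set uncommented reports the JVM default in $3.
jvm_dns_prop_get() {
  file="$1"; prop="$2"; default="$3"
  val=$(grep -E "^[[:space:]]*${prop}[[:space:]]*=" "$file" | tail -n 1 \
        | sed 's/^[^=]*=[[:space:]]*//' | tr -d '[:space:]')
  if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$default"; fi
}

# Set a property: -1 (cache forever), 0 (never cache) or a number of seconds.
# An existing uncommented line is replaced; otherwise the line is appended.
# A .bak copy of the file is kept so the change can be reverted.
jvm_dns_prop_set() {
  file="$1"; prop="$2"; value="$3"
  case "$value" in
    -1|0) ;;
    *[!0-9]*|'') echo "invalid TTL value: $value" >&2; return 1 ;;
  esac
  cp "$file" "$file.bak"
  if grep -qE "^[[:space:]]*${prop}[[:space:]]*=" "$file"; then
    sed "s|^[[:space:]]*${prop}[[:space:]]*=.*|${prop}=${value}|" "$file" \
      > "$file.tmp" && mv "$file.tmp" "$file"
  else
    # make sure the appended line starts on its own line
    [ -z "$(tail -c1 "$file")" ] || printf '\n' >> "$file"
    printf '%s=%s\n' "$prop" "$value" >> "$file"
  fi
}

# Demo on a throw-away copy: run as "sh script.sh --demo".
if [ "${1:-}" = "--demo" ]; then
  f=$(mktemp); make_sample_java_security "$f"
  echo "before: ttl=$(jvm_dns_prop_get "$f" networkaddress.cache.ttl -1)"
  jvm_dns_prop_set "$f" networkaddress.cache.ttl 60
  echo "after:  ttl=$(jvm_dns_prop_get "$f" networkaddress.cache.ttl -1)"
  rm -f "$f" "$f.bak"
fi
```

The new TTL only applies after the JVM (that is, Coldfusion) is restarted, so the script does not try to reload anything. Pick a bounded positive TTL such as 60 rather than 0: the page's own note says the forever cache exists to guard against DNS spoofing, and a short finite TTL lets the server follow DNS changes while still limiting how often a lookup is repeated.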

Read the TechNote from Adobe for more information.

1 Comment:

  1. izmir

    I have the same problem and couldn't solve it yet. Do you know any other resource as a solution for the same problem? Thanks a lot for your help. Best regards.

