From owner-freebsd-java@FreeBSD.ORG Tue Sep 18 04:30:02 2007 Return-Path: Delivered-To: freebsd-java@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4E77516A418 for ; Tue, 18 Sep 2007 04:30:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D1DB013C465 for ; Tue, 18 Sep 2007 04:30:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l8I4U1fL014221 for ; Tue, 18 Sep 2007 04:30:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l8I4U1qd014220; Tue, 18 Sep 2007 04:30:01 GMT (envelope-from gnats) Resent-Date: Tue, 18 Sep 2007 04:30:01 GMT Resent-Message-Id: <200709180430.l8I4U1qd014220@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-java@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Nick Johnson Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B83E216A417 for ; Tue, 18 Sep 2007 04:27:40 +0000 (UTC) (envelope-from root@turing.morons.org) Received: from turing.morons.org (turing.morons.org [208.96.51.42]) by mx1.freebsd.org (Postfix) with ESMTP id 5BCB613C478 for ; Tue, 18 Sep 2007 04:27:40 +0000 (UTC) (envelope-from root@turing.morons.org) Received: by turing.morons.org (Postfix, from userid 0) id 68A9117034; Mon, 17 Sep 2007 21:27:20 -0700 (PDT) Message-Id: <20070918042720.68A9117034@turing.morons.org> Date: Mon, 17 Sep 2007 21:27:20 -0700 (PDT) From: Nick Johnson To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: java/116430: JDK does not respect DNS caching parameters on timeout with CNAME X-BeenThere: freebsd-java@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting Java to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Sep 2007 04:30:02 -0000 >Number: 116430 >Category: java >Synopsis: JDK does not respect DNS caching parameters on timeout with CNAME >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-java >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Sep 18 04:30:01 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Nick Johnson >Release: FreeBSD 6.2-STABLE i386 >Organization: morons.org >Environment: System: FreeBSD turing.morons.org 6.2-STABLE FreeBSD 6.2-STABLE #0: Sun Jan 21 16:53:54 PST 2007 root@turing.morons.org:/usr/src/sys/i386/compile/TURING i386 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-p6-root_29_jul_2007_13_27) >Description: When making a Socket connection, if the initial lookup for a host that is actually a CNAME times out, the JDK does not respect the networkaddress.cache.negative.ttl value and immediately throws an UnknownHostException on subsequent queries. >How-To-Repeat: 0. Configure Java to run with -Dsun.net.inetaddr.negative.ttl=0 and/or set networkaddress.cache.negative.ttl=0 in java.security. Configure /etc/resolv.conf to resolve against 127.0.0.1. 1. Create a Socket giving a hostname that resolves as a CNAME and block requests with a firewall so that the request times out at least initially. Here are some example hosts for which this problem has been seen: www.washingtonpost.com www.towleroad.com www.wcbd.com 2. After the UnknownHostException, unblock the firewall and perform a lookup on the command line such that the name does resolve. 3. Repeat step 1. The JDK will immediately throw UnknownHostException without performing another lookup (you can snoop network traffic and see that there is no subsequent lookup performed). I'm not sure if the request has to time out entirely the first time, or if the resolver just has to do a retry, or if it always fails because it's a CNAME rather than an A record (but works correctly if the name is already in the BIND cache because the address is also there). >Fix: Unknown >Release-Note: >Audit-Trail: >Unformatted: