Recently a customer complained about the behavior of CFHTTP in ColdFusion MX:
"CFHTTP permanently caches the DNS look-up. This cache can only be flushed by recycling ColdFusion service on the machine in question. Why doesn't CF rely on the server to resolve the domain? What's with caching the DNS look-up at all??"
Needless to say, the CFHTTP code doesn't do anything like this because it would make customers mad. :-) So I did a bit of investigation. The underlying library we use to support HTTP operations (after I switched it from using the Java URLConnection class, don't get me started...) uses the Java InetAddress class to look up host names:
Reading this page you will notice that the JDK caches both positive and negative DNS lookups. And it caches the positive lookups forever.
Hey, its not our fault!
Luckily, this can be controled by the Java security configuration for the JVM. In JDK 1.4.2 you can edit the file .../lib/security/java.security and set the value networkaddress.cache.ttl, commented out at the bottom of the file, to something other than -1. This controls the time to live for positive DNS results. There are dire security warnings about doing this, but something reasonable, like 4 hours (14,000 seconds), would probably be safe.
I am going to try and get a Tech Note published by support for this and perhaps mention this configuration in the CFHTTP man pages too.