Tuesday, October 19, 2004

CFMX and DNS caching

Recently a customer complained about the behavior of CFHTTP in ColdFusion MX:

"CFHTTP permanently caches the DNS look-up. This cache can only be flushed by recycling ColdFusion service on the machine in question. Why doesn't CF rely on the server to resolve the domain? What's with caching the DNS look-up at all??"

Needless to say, the CFHTTP code doesn't do anything like this because it would make customers mad. :-) So I did a bit of investigation. The underlying library we use to support HTTP operations (after I switched it from using the Java URLConnection class, don't get me started...) uses the Java InetAddress class to look up host names:

http://java.sun.com/j2se/1.4.2/docs/api/java/net/InetAddress.html

Reading this page you will notice that the JDK caches both positive and negative DNS lookups. And it caches the positive lookups forever.

Hey, it's not our fault!

Luckily, this can be controlled by the Java security configuration for the JVM. In JDK 1.4.2 you can edit the file .../lib/security/java.security and set the value networkaddress.cache.ttl, commented out at the bottom of the file, to something other than -1. This controls the time to live for positive DNS results. There are dire security warnings about doing this, but something reasonable, like 4 hours (14,000 seconds), would probably be safe.
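An added example, not part of the original post or of ColdFusion: a small shell audit that reports which positive-lookup TTL a given java.security file will actually hand to the JVM, since the shipped line is commented out and a later edit may not have taken effect. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a java.security file for the positive DNS cache TTL.

# Print the effective value of networkaddress.cache.ttl in file $1, or
# nothing if the property is absent or appears only inside a comment.
# As with java.util.Properties, the last uncommented assignment wins.
effective_ttl() {
    awk '
        /^[ \t]*[#!]/ { next }                    # skip comment lines
        /^[ \t]*networkaddress\.cache\.ttl[ \t]*[=:]/ {
            v = $0
            sub(/^[^=:]*[=:][ \t]*/, "", v)       # drop key and separator
            sub(/[ \t\r]+$/, "", v)               # drop trailing space / CR
            ttl = v; found = 1
        }
        END { if (found) print ttl }
    ' "$1"
}

# Classify the policy applied to successful lookups (documented values only).
classify_ttl() {
    ttl=$(effective_ttl "$1")
    case "$ttl" in
        "")       echo "unset" ;;         # JDK default applies (forever, per the post)
        -1)       echo "forever" ;;       # entries never expire
        0)        echo "no-cache" ;;      # every lookup goes to the resolver
        *[!0-9]*) echo "unrecognized" ;;  # not a value this script knows
        *)        echo "expires:$ttl" ;;  # seconds until a cached entry expires
    esac
}

# Constructed sample: shipped line still commented out, admin appended 4 hours.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# (constructed excerpt, not a real java.security file)
#networkaddress.cache.ttl=-1
networkaddress.cache.negative.ttl=10
networkaddress.cache.ttl = 14400
EOF
classify_ttl "$sample"
rm -f "$sample"
```

Point classify_ttl at the java.security file under the JRE that the ColdFusion service actually runs on; an edited value is only picked up when the JVM is restarted.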

I am going to try and get a Tech Note published by support for this and perhaps mention this configuration in the CFHTTP man pages too.


10 comments:

Anonymous said...

Is there any concern with setting this via CF? (I helped this fellow with it):

http://www.macromedia.com/cfusion/webforums/forum/messageview.cfm?catid=273&threadid=832011&highlight_key=y&keyword1=ttl

-Dave Ross

Anonymous said...

Does changing this setting also affect the SMTP server configuration in the ColdFusion Administrator? We specify the SMTP server by hostname, and when we recently had some network changes that changed the IP address of the SMTP server, we had to bounce the server to get it to see the new IP address. Would changing the networkaddress.cache.ttl value also fix this problem?

Tom said...

Yes, this would affect the resolution of SMTP server hostnames as well.

Anonymous said...

Hi, can anyone comment on whether this issue would affect CF Datasources?

Tom said...

Any resolution of DNS names would be affected, so the datasource server would be included in that unless you used a straight IP address.

Anonymous said...

Years after the fact, your page solved my problem. We did a migration from one IP to another and couldn't figure out why Scheduled Tasks wouldn't run!

This was it!

Thanks!

Anonymous said...

You just saved us from setting up automatic reboots on a daily basis!
F*n A dude! You're the man!!!

jeff.dalton said...

This page explained a LOT! It's really awesome. Thanks for the fix.

Anonymous said...

These comments have been invaluable to me as is this whole site. I thank you for your comment.
