Set the JVM TTL for DNS name lookups
The Java virtual machine (JVM) caches DNS name lookups. When the JVM resolves a hostname to an IP address, it caches the IP address for a specified period of time, known as the time-to-live (TTL).
Because AWS resources use DNS name entries that occasionally change, we recommend that you configure your JVM with a TTL value of 5 seconds. This ensures that when a resource’s IP address changes, your application will be able to receive and use the resource’s new IP address by requerying the DNS.
On some Java configurations, the JVM default TTL is set so that it will never refresh DNS entries until the JVM is restarted. Thus, if the IP address for an AWS resource changes while your application is still running, it won’t be able to use that resource until you manually restart the JVM and the cached IP information is refreshed. In this case, it’s crucial to set the JVM’s TTL so that it will periodically refresh its cached IP information.
How to set the JVM TTL
To modify the JVM’s TTL, set the networkaddress.cache.ttlnetworkaddress.cache.ttl
property in the
$JAVA_HOME/jre/lib/security/java.security
file for Java 8 or
$JAVA_HOME/conf/security/java.security
file for Java 11 or higher.
The following is a snippet from a java.security
file that shows the TTL
cache set to 5 seconds.
# # This is the "master security properties file". # # An alternate java.security properties file may be specified ... # The Java-level namelookup cache policy for successful lookups: # # any negative value: caching forever # any positive value: the number of seconds to cache an address for # zero: do not cache ...
networkaddress.cache.ttl=5
...
All applications that run on the JVM represented by the$JAVA_HOME
environment variable use this setting.