> we find that JVM have an insane approach to DNS cache timeout --
> they ignore the TTL entirely.

I wouldn't go so far as to call it insane, but it's a poor solution to the problem of rogue DNS responders. That said, there's a well-known solution: edit the following line in $JRE_HOME/lib/security/java.security:

    networkaddress.cache.ttl=-1

Set it to whatever timeout you like in milliseconds. We run a customized JDK configuration where we've used the following for ages:

    networkaddress.cache.ttl=14400

> Has anyone else dealt with this?

Yes.

> Is there a better way to do remote DR than using DNS?

Not afaik.

M
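An added example, not part of the original message: a shell check that reads a java.security file (path passed as an argument) and reports the effective networkaddress.cache.ttl, reading the value in seconds as the JDK networking-properties documentation defines it. The function names, the constructed sample files and the 3600-second threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Classify networkaddress.cache.ttl in a java.security file.
# Prints: forever | disabled | <n>s | default | unreadable | review:<value>
dns_ttl_policy() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    # Handles the common Properties forms: '#' or '!' starts a comment,
    # '=' or ':' separates key and value, the last assignment of a key wins.
    raw=$(sed -n -E 's/^[[:space:]]*networkaddress\.cache\.ttl[[:space:]]*[=:][[:space:]]*([^[:space:]]*).*$/=\1/p' "$1" | tail -n 1)
    [ -n "$raw" ] || { echo default; return 0; }   # key absent or commented out
    value=${raw#=}
    case $value in
        -1) echo forever ;;                  # no re-resolution until JVM restart
        0) echo disabled ;;                  # successful lookups are not cached
        ''|*[!0-9]*) echo "review:$value" ;; # not a documented value, check by hand
        *) echo "${value}s" ;;               # cache lifetime in seconds
    esac
}

# Succeed only if cached addresses expire within $2 seconds, so the JVM picks
# up a DNS-based failover without a restart. "default" fails closed because the
# built-in default depends on the JVM and on whether a security manager is set.
dns_ttl_within() {
    policy=$(dns_ttl_policy "$1")
    case $policy in
        disabled) return 0 ;;
        [0-9]*s) [ "${policy%s}" -le "$2" ] ;;
        *) return 1 ;;
    esac
}

# Constructed sample files (not taken from a real JRE).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# cache forever' 'networkaddress.cache.ttl=-1' > "$demo/forever"
printf '%s\n' 'networkaddress.cache.ttl=-1' 'networkaddress.cache.ttl = 14400' > "$demo/custom"
printf '%s\n' '#networkaddress.cache.ttl=-1' 'networkaddress.cache.negative.ttl=10' > "$demo/unset"

for f in forever custom unset; do
    if dns_ttl_within "$demo/$f" 3600; then verdict=ok; else verdict=FLAG; fi
    echo "$f: $(dns_ttl_policy "$demo/$f") -> $verdict"
done
```

On JDK 9 and later the same file lives under $JAVA_HOME/conf/security/java.security, so pass whichever path the deployed runtime actually uses.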
