On 11/09/2019 15:56, Pavel Rappo wrote:
Sure, from
https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-dns.html:
"Each lookup is initially performed using UDP. If the response is too long to be
returned in a UDP packet without being truncated, the lookup is repeated using TCP."
and
"com.example.jndi.dns.timeout.initial
com.example.jndi.dns.timeout.retries
These properties are used to alter the timeout-related defaults that the DNS
provider uses when submitting UDP queries. The DNS provider submits UDP queries
using the following exponential backoff algorithm. The provider submits a query
to a DNS server and waits for a response to arrive within a timeout period (1
second by default). If it receives no response within the timeout period, it
queries the next server, and so on. If the provider receives no response from
any server, it doubles the timeout period and repeats the process of submitting
the query to each server, up to a maximum number of retries (4 by default).
The "com.example.jndi.dns.timeout.initial" property, if set, specifies the
number of milliseconds to use as the initial timeout period (i.e., before any doubling).
If this property has not been set, the default initial timeout is 1000 milliseconds.
The "com.example.jndi.dns.timeout.retries" property, if set, specifies the number of
times to retry each server using the exponential backoff algorithm described previously. If
this property has not been set, the default number of retries is 4."
I cannot seem to find a newer version of that document though.

I assume extending the timeout to TCP will require at least some minimal
updates to the descriptions. That will help reviewers and help decide if
a CSR is needed or not. Ideally the authoritative descriptions of these
properties would be in the javadoc, probably in the jdk.naming.dns
module description.
-Alan
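
The UDP backoff described in the documentation quoted above, modelled as an added example (not code from the JDK DNS provider or from either poster) to show how long a lookup can block when servers stay silent. It assumes the retry count is the total number of rounds; the server names, `udp_schedule` and `worst_case_ms` are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Attempt:
    round_no: int     # 0-based backoff round
    server: str
    timeout_ms: int   # how long this attempt waits for a UDP reply
    answered: bool


def never(server: str, round_no: int) -> bool:
    """Default responder: every server stays silent."""
    return False


def udp_schedule(servers: List[str], initial_ms: int = 1000, retries: int = 4,
                 responds: Callable[[str, int], bool] = never
                 ) -> Tuple[List[Attempt], int]:
    """Walk the documented algorithm: each round queries every server with the
    current timeout, then the timeout doubles. Returns the attempts made and
    the milliseconds spent waiting on servers that did not answer."""
    attempts: List[Attempt] = []
    waited_ms = 0
    timeout_ms = initial_ms
    for round_no in range(retries):   # assumption: `retries` counts rounds in total
        for server in servers:
            ok = responds(server, round_no)
            attempts.append(Attempt(round_no, server, timeout_ms, ok))
            if ok:
                return attempts, waited_ms
            waited_ms += timeout_ms   # full timeout elapsed, move to next server
        timeout_ms *= 2
    return attempts, waited_ms


def worst_case_ms(n_servers: int, initial_ms: int = 1000, retries: int = 4) -> int:
    """Closed form of the all-silent case: n * initial * (2^retries - 1)."""
    return n_servers * initial_ms * (2 ** retries - 1)


if __name__ == "__main__":
    servers = ["ns1.example", "ns2.example"]   # constructed names
    for a in udp_schedule(servers)[0]:
        print(a.round_no, a.server, a.timeout_ms)
    print("worst case (ms):", worst_case_ms(len(servers)))
```

The model covers only the UDP phase that the quoted property descriptions apply to; time spent in a TCP retry after a truncated response is not included.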