CharlesVonHagen
Contributor

DNS cache in AM


At the AM or SUSE Linux layer is there any DNS caching to deliberately extend the minimum TTL for a zone file entry?

SMSDelivery
Functional Specification   question 7.1

The application framework (Java, .NET, etc.) layer, which by default typically caches DNS lookups.

The OS/Machine layer. This is uncommon but should still be verified.

These questions came from our SMS provider Authentify to ensure that if they have maintenance and need to swing all ODA traffic to another data center, we don’t experience an outage due to our deliberate extension of DNS cached answers.

Thanks Chuck


Accepted Solutions
EdwardDavis
Employee

In AM, DNS lookup caching is a java.security setting. We do not recommend changes to this file.

/opt/rsa/am/appserver/jdk/jre/lib/security/java.security

8.4.0.11.0 uses the defaults, which is 30 seconds for positive lookups.

We do not set forever (-1), so 30 seconds is the result.

#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set. When a security
# manager is not set, the default behavior in this implementation
# is to cache for 30 seconds.

# networkaddress.cache.ttl=-1
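
Added example, not part of the original post and not RSA tooling: a read-only shell check that reports the effective positive DNS cache policy from a java.security file and compares it with a provider failover window. The function names, the failover-window parameter and the sample file are assumptions made for illustration; the check also assumes no security manager is set and no sun.net.inetaddr.ttl system property overrides the file.

```shell
#!/bin/sh
# Added example (not RSA tooling): read-only check of the JVM positive DNS
# cache policy in a java.security file. Assumes no security manager and no
# -Dsun.net.inetaddr.ttl override on the JVM command line.

# Print the effective policy in seconds: -1 = cache forever, 0 = no caching.
jvm_dns_ttl() {
    # '#' lines are comments; the last active assignment in the file wins.
    v=$(sed -n 's/^[[:space:]]*networkaddress\.cache\.ttl[[:space:]]*[=:][[:space:]]*\(-\{0,1\}[0-9]\{1,\}\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    if [ -z "$v" ]; then
        printf '%s\n' 30      # property unset: the 30 s default
    elif [ "$v" -lt 0 ]; then
        printf '%s\n' -1      # any negative value: cache forever
    else
        printf '%s\n' "$v"
    fi
}

# Succeed (exit 0) if a cached address can outlive a failover window of $2 s.
outlives_failover() {
    ttl=$(jvm_dns_ttl "$1")
    [ "$ttl" -lt 0 ] || [ "$ttl" -gt "$2" ]
}

# Constructed sample mirroring the excerpt quoted in the answer above.
make_sample() {
    cat > "$1" <<'EOF'
# any negative value: caching forever
# zero: do not cache
# networkaddress.cache.ttl=-1
EOF
}

sample=$(mktemp)
make_sample "$sample"
echo "effective positive TTL: $(jvm_dns_ttl "$sample") s"
if outlives_failover "$sample" 60; then
    echo "cached answers can outlive a 60 s failover window"
else
    echo "cached answers expire within a 60 s failover window"
fi
rm -f "$sample"
```

To check an appliance, pass the java.security path given in the answer to jvm_dns_ttl; the script only reads the file. The JVM caches for this fixed period regardless of the record's own TTL, so the value is the extra time a stale address can persist after the provider changes DNS.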
