Per Byron’s answer, you can’t set networkaddress.cache.ttl or networkaddress.cache.negative.ttl as System Properties by using the -D flag or calling System.setProperty because these are not System properties – they are Security properties.
If you want to use a System property to trigger this behavior (so you can use the -D flag or call System.setProperty), you will want to set the following System property:
-Dsun.net.inetaddr.ttl=0
This system property will enable the desired effect.
But be aware: if you don’t use the -D flag when starting the JVM process and elect to call this from code instead:
java.security.Security.setProperty("networkaddress.cache.ttl", "0")
This code must execute before any other code in the JVM attempts to perform networking operations.
This is important because, for example, if you called Security.setProperty in a .war file and deployed that .war to Tomcat, this wouldn’t work: Tomcat uses the Java networking stack to initialize itself much earlier than your .war’s code is executed. Because of this ‘race condition’, it is usually more convenient to use the -D flag when starting the JVM process.
If you don’t use -Dsun.net.inetaddr.ttl=0 or call Security.setProperty, you will need to edit $JRE_HOME/lib/security/java.security and set those security properties in that file, e.g.
networkaddress.cache.ttl = 0
networkaddress.cache.negative.ttl = 0
But pay attention to the security warnings in the comments surrounding those properties. Only do this if you are reasonably confident that you are not susceptible to DNS spoofing attacks.
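An added example, not part of the original answer: a small startup check that prints which of the settings discussed above this JVM actually sees, and flags the common mistake of passing networkaddress.cache.ttl with -D. The class name DnsCacheTtlCheck is hypothetical, and the lookup order (Security property first, then the sun.net.inetaddr.* System property) is how the JDK's resolver cache policy reads them.

```java
import java.security.Security;

// Added example: report the DNS cache TTL settings visible to this JVM.
public class DnsCacheTtlCheck {

    // Returns the configured value and where it came from. The Security
    // property is consulted first; the sun.net.inetaddr.* System property
    // is only a fallback when the Security property is not set.
    static String effective(String securityProp, String systemProp) {
        String v = Security.getProperty(securityProp);
        if (v != null && !v.trim().isEmpty()) {
            return v.trim() + " (Security property " + securityProp + ")";
        }
        v = System.getProperty(systemProp);
        if (v != null && !v.trim().isEmpty()) {
            return v.trim() + " (System property " + systemProp + ")";
        }
        return "unset (JVM default applies)";
    }

    // True when the Security property name was passed as a System property,
    // e.g. -Dnetworkaddress.cache.ttl=0, which the resolver cache ignores.
    static boolean misplaced(String securityProp) {
        return System.getProperty(securityProp) != null;
    }

    public static void main(String[] args) {
        String[] securityProps = {
            "networkaddress.cache.ttl",
            "networkaddress.cache.negative.ttl"
        };
        for (String p : securityProps) {
            if (misplaced(p)) {
                System.out.println("WARNING: " + p
                    + " was set as a System property and has no effect there");
            }
        }
        System.out.println("positive TTL: "
            + effective("networkaddress.cache.ttl", "sun.net.inetaddr.ttl"));
        System.out.println("negative TTL: "
            + effective("networkaddress.cache.negative.ttl",
                        "sun.net.inetaddr.negative.ttl"));
        // Note: the JVM reads these values once, when its networking classes
        // initialize. This prints what is configured now, which can differ
        // from what was captured if the value was changed after that point.
    }
}
```

Run it with the same flags and java.security file as the real service (for example java -Dsun.net.inetaddr.ttl=0 DnsCacheTtlCheck) to confirm the setting arrives where the resolver cache looks for it.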