tracker issue : CF-3944218

Title:

IP caches forever and does not respect DNS TTL for cfhttp, cfftp, cfpop, cfexchangemail, cfimp & cfmail


Status/Resolution/Reason: Closed/Withdrawn/NotThisProduct

Reporter/Name(from Bugbase): Henry Ho / Henry Ho (Henry Ho)

Created: 02/23/2015

Components: General Server

Versions: 10.0

Failure Type: Non Functioning

Found In Build/Fixed In Build: Final /

Priority/Frequency: Normal / All users will encounter

Locale/System: English / Win All

Vote Count: 4

Problem Description:

If any domain name you are connecting to from CFML has had a DNS change such as a change of IP address then code will suddenly stop working until you next restart CF.
 
Areas that will be affected include:
SMTP servers in the CFADMIN
Database Servers in your Datasources
CFHTTP calls
Web Services
CFFTP, CFPOP, CFEXCHANGEMAIL, CFIMAP, CFMAIL

source: http://www.michaels.me.uk/post.cfm/fix-the-dns-caching-in-coldfusion

FEATURE REQUEST: 
1.) DNS should respect TTL
2.) CF ADMIN should have a button that flushes the DNS cache without a restart
3.) Document the official way of setting java.security in the JVM config


Steps to Reproduce:  change IP in DNS with small TTL and use one of the tags mentioned above.


Actual Result:  IP cached forever


Expected Result: uses new IP because of TTL of the DNS record.


Any Workarounds: RESTART CF or manually change java.security (not documented in CF doc)

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3944218

External Customer Info:
External Company:  
External Customer Name: Henry
External Customer Email:  
External Test Config: CF10 or CF11 or older CF on JVM.

Attachments:

Comments:

Just got hit by this bug caused by Paypal updating DNS of their endpoints. "Merchants who are hard-coding PayPal API IP addresses, rather than using DNS, may have experienced a high number of 10001 errors..." https://www.paypal-notify.com/eventnotification/event_details?eventId=6099
Comment by External U.
8302 | February 23, 2015 03:29:31 PM GMT
Agreed / +1 (Vote must be between 25 and 4000 characters)
Vote by External U.
8307 | February 23, 2015 07:24:34 PM GMT
I encountered this too. This article collates some URLs discussing it, and workarounds: http://blog.adamcameron.me/2013/09/coldfusion-jvm-and-dns-caching-maybe.html -- Adam
Comment by External U.
8303 | February 23, 2015 07:25:27 PM GMT
+1. This is a tomcat issue and affects cf11 as well
Vote by External U.
8308 | February 24, 2015 04:34:03 AM GMT
Just received an email from PayPal: "During a recent PayPal upgrade it was noted that your web site is connecting to PayPal servers using hard coded IP addresses for your SetExpressCheckout API calls. This can potentially lead to errors, missed sales and downtime for you as a merchant. We are reaching out today to ensure you are made aware of the issue and begin to take the steps necessary to use the DNS names rather than hard coded IP addresses for your PayPal.com transactions."
Comment by External U.
8304 | March 12, 2015 11:53:41 AM GMT
This is a huge problem, especially on a shared server where we have no control over if and when the server gets restarted.
Vote by External U.
8309 | September 02, 2015 10:45:42 AM GMT
+1 ......................
Vote by External U.
8310 | September 03, 2015 12:18:11 AM GMT
As others have already pointed out, the DNS caching does not happen inside ColdFusion but in the JVM. From the comments in the java.security file:
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set. When a security
# manager is not set, the default behavior in this implementation
# is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
# serious security implications. Do not set it unless
# you are sure you are not exposed to DNS spoofing attack.
As recommended by Java, ColdFusion should not change the default value. If you need any other value of ttl, the change should be made in the installation.
Comment by Rupesh K.
8305 | September 15, 2015 03:04:35 AM GMT
I got stung by this bug today regarding DNS for SMTP hostname. We use SparkPost to send email for a client. SparkPost uses AWS and their round-robin DNS hostnames occasionally change. When they do, all new messages become undeliverable (can't connect) and a CF service restart is required in order to update DNS and resume sending. This issue probably affects CF8, 9, 10, 11 & 2016.
Amazon AWS recommends a 60 second TTL: http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-jvm-ttl.html "Because AWS resources use DNS name entries that occasionally change, we recommend that you configure your JVM with a TTL value of no more than 60 seconds."
These CF-oriented blog posts recommend 5 minutes to 4-6 hours:
http://coldfused.blogspot.com/2008/01/dns-lookup-caching-in-coldfusionjava.html
http://tjordahl.blogspot.com/2004/10/cfmx-and-dns-caching.html
http://blog.tcs.de/coldfusion-dns-cache-settings/
Will there be any attempts by Adobe to respect DNS TTL or is blaming the JVM the only path in the product roadmap? (I've been using CFX_HTTP to overcome CFHTTP bugs regarding heightened SSL requirements, incompatibilities & honoring DNS TTLs.)
Comment by External U.
8306 | May 24, 2016 11:40:54 AM GMT
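
Added example, not part of the tracker thread or of Adobe's code: a shell function that reads a java.security file and reports which DNS cache policy the `networkaddress.cache.ttl` setting discussed above selects, using the defaults quoted from the java.security comments when the key is unset. The function name `dns_cache_policy` and the sample file are constructed for illustration; the location of java.security depends on the JVM the server runs on.

```shell
#!/bin/sh
# Report the JVM DNS cache policy configured in a java.security file.
# Usage: dns_cache_policy /path/to/java.security   (hypothetical helper)
dns_cache_policy() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    # Java properties syntax: '#' or '!' starts a comment, '=' or ':'
    # separates key and value, and the last definition of a key wins.
    ttl=$(awk '
        /^[ \t]*[#!]/ { next }
        /^[ \t]*networkaddress\.cache\.ttl[ \t]*[=:]/ {
            sub(/^[^=:]*[=:][ \t]*/, "")   # drop key and separator
            sub(/[ \t\r]+$/, "")           # drop trailing blanks / CR
            v = $0
        }
        END { print v }' "$file")
    case $ttl in
        "")               echo "unset: forever with a security manager, else 30s" ;;
        -|*[!0-9-]*|?*-*) echo "invalid: $ttl" ;;
        -*)               echo "forever" ;;
        0)                echo "no caching" ;;
        *)                echo "${ttl}s" ;;
    esac
}

# Constructed sample, not taken from any real installation: the key is
# commented out first (as shipped), then set to the 60 seconds that the
# AWS guidance quoted in the thread recommends as an upper bound.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#networkaddress.cache.ttl=-1
networkaddress.cache.negative.ttl=10
networkaddress.cache.ttl = 60
EOF
dns_cache_policy "$sample"
rm -f "$sample"
```

An "unset" or "forever" result on a server that runs with a security manager matches the behaviour reported in this issue: a resolved address is kept until the JVM restarts.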