Question
We are experiencing a quite weird behaviour on Linux w.r.t. Java DNS lookups (update: happens also on Mac OS X—I was wrong).
We set the Google public DNS server 8.8.8.8 as the JVM DNS server. The system (/etc/resolv.conf) server, however, remains our standard server ghost.di.unimi.it.
When an address is looked up using InetAddress.getAllByName() or DNSJava's Address.getAllByName(), everything works as expected (in particular, this is DNSJava):
01:39:11.832438 IP nexus.law.di.unimi.it.33195 > google-public-dns-a.google.com.domain: 46509+ A? www.uffa.com. (30)
01:39:11.832820 IP nexus.law.di.unimi.it.52782 > ghost.di.unimi.it.domain: 42740+ PTR? 8.8.8.8.in-addr.arpa. (38)
01:39:11.833510 IP ghost.di.unimi.it.domain > nexus.law.di.unimi.it.52782: 42740 1/2/0 PTR google-public-dns-a.google.com. (128)
01:39:11.865165 IP google-public-dns-a.google.com.domain > nexus.law.di.unimi.it.33195: 46509 1/0/0 A 208.87.35.103 (46)
As you can see, we resolve www.uffa.com, and then there is a reverse lookup (happens just one time at the first lookup) of 8.8.8.8 for authentication purposes. At this point, the IP address of www.uffa.com is cached and no lookups should happen if we make another call within the TTL.
Nonetheless, when we actually try to open a socket on www.uffa.com using Apache HTTP Component's DefaultHttpClient, we see this:
01:40:06.892383 IP nexus.law.di.unimi.it.53977 > ghost.di.unimi.it.domain: 22255+ PTR? 103.35.87.208.in-addr.arpa. (44)
01:40:07.204359 IP ghost.di.unimi.it.domain > nexus.law.di.unimi.it.53977: 22255 1/2/2 PTR 208-87-35-103.securehost.com. (154)
That is, Java (or something else on the machine) is performing a reverse lookup of www.uffa.com's address to our system server, instead of to Google's server. The same happens using URL.openConnection().getContent().
We used BTrace to instrument InetAddress/Address code, and no calls that could imply a reverse DNS lookup are performed.
Frankly, we do not even know what to look for.
Our big problem is that we're writing a high-performance crawler, and while we try to carefully pace DNS lookups, there is nothing we can do to pace these reverse lookups because they are performed when the socket is opened, which happens in crawling threads whose number is in the thousands.
As additional information, wget performs a reverse DNS lookup, too, but an nc on port 80 (which of course gives nothing) doesn't.
As usual, any help is appreciated.
Answer 1:
The reverse DNS lookups are done by the SecurityManager, and you can't disable them.
Answer 2:
In the end, the only real problem was that I was not giving tcpdump the -n option. The reverse lookups I was observing were just tcpdump's.
Source: https://stackoverflow.com/questions/14087634/on-linux-java-issues-reverse-dns-lookups-when-a-socket-is-opened-why-and-how
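A way to check saved tcpdump text for the effect described in Answer 2, as an added example that is not part of the original question or answers: it reports whether the output shows resolved host names (so tcpdump ran without -n) and lists each PTR query with the resolver it was sent to. The function and field names are hypothetical, and matching a PTR answer to a displayed endpoint is a heuristic, not proof of which process sent the query.

```python
import ipaddress
import re

# Capture lines copied from the question, one packet per line.
CAPTURE = """\
01:39:11.832438 IP nexus.law.di.unimi.it.33195 > google-public-dns-a.google.com.domain: 46509+ A? www.uffa.com. (30)
01:39:11.832820 IP nexus.law.di.unimi.it.52782 > ghost.di.unimi.it.domain: 42740+ PTR? 8.8.8.8.in-addr.arpa. (38)
01:39:11.833510 IP ghost.di.unimi.it.domain > nexus.law.di.unimi.it.52782: 42740 1/2/0 PTR google-public-dns-a.google.com. (128)
01:39:11.865165 IP google-public-dns-a.google.com.domain > nexus.law.di.unimi.it.33195: 46509 1/0/0 A 208.87.35.103 (46)
01:40:06.892383 IP nexus.law.di.unimi.it.53977 > ghost.di.unimi.it.domain: 22255+ PTR? 103.35.87.208.in-addr.arpa. (44)
01:40:07.204359 IP ghost.di.unimi.it.domain > nexus.law.di.unimi.it.53977: 22255 1/2/2 PTR 208-87-35-103.securehost.com. (154)
"""

PACKET = re.compile(r"^\S+ IP (\S+) > (\S+): (\d+)\S* (.*)$")
PTR_QUERY = re.compile(r"PTR\? ([\d.]+)\.in-addr\.arpa\.")
PTR_ANSWER = re.compile(r"\d+/\d+/\d+ PTR (\S+?)\.? \(")

def host(endpoint):
    """Drop the trailing port or service label from 'host.port'."""
    return endpoint.rsplit(".", 1)[0]

def is_numeric(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def audit(capture):
    """Return (names_resolved, ptr_lookups) for tcpdump text output."""
    endpoints, queries, lookups = set(), {}, []
    packets = [m.groups() for m in map(PACKET.match, capture.splitlines()) if m]
    for src, dst, _, _ in packets:
        endpoints.update((host(src), host(dst)))
    for src, dst, qid, rest in packets:
        q, a = PTR_QUERY.search(rest), PTR_ANSWER.search(rest)
        if q:  # in-addr.arpa names carry the octets in reverse order
            ip = ".".join(reversed(q.group(1).split(".")))
            queries[qid] = {"ip": ip, "resolver": host(dst), "name": None, "shown_as_endpoint": False}
            lookups.append(queries[qid])
        elif a and qid in queries:  # answer to a PTR query seen earlier
            queries[qid]["name"] = a.group(1)
            queries[qid]["shown_as_endpoint"] = a.group(1) in endpoints
    names_resolved = any(not is_numeric(h) for h in endpoints)
    return names_resolved, lookups

if __name__ == "__main__":
    print(audit(CAPTURE))
```

When `names_resolved` is true, the capture tool itself was resolving addresses, so PTR traffic in the same capture cannot be attributed to the application until the capture is repeated with -n.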