PingDirectory

Domain Name Service (DNS) caching

If needed, two global configuration properties can be used to control the caching of host name-to-numeric IP address (DNS lookup) results returned from the name resolution services of the underlying operating system. Use the dsconfig tool to configure these properties.

network-address-cache-ttl

Sets the Java system property networkaddress.cache.ttl, and controls the length of time in seconds that a host name-to-IP address mapping can be cached. The default behavior is to keep resolution results for one hour (3600 seconds). This setting applies to the server and all extensions loaded by the server.

network-address-outage-cache-enabled

Caches host name-to-IP address results in the event of a DNS outage. This is set to true by default, meaning name resolution results are cached. Unexpected service interruptions may occur during planned or unplanned maintenance, network outages or an infrastructure attack. This cache may allow the server to function during a DNS outage with minimal impact. This cache is not available to server extensions.

To reduce delays due to unnecessary DNS lookups, follow these recommendations:

  • Maintain a connection pool in the client app rather than opening new connections for each bind.

  • Add appropriate records to DNS, including PTR records.

  • Add options timeout:1 and/or options single-request in /etc/resolv.conf.

  • If IPv6 requests specifically are causing issues, Add -Djava.net.preferIPv4Stack=true to the start-server.java-args line in PingDirectory’s config/java.properties so that running bin/dsjavaproperties and restarting the server will no longer issue IPv6 PTR requests.