Set the JVM TTL for DNS name lookups

The Java virtual machine (JVM) caches DNS name lookups. When the JVM resolves a hostname to an IP address, it caches the IP address for a specified period of time, known as the time-to-live (TTL).

Because AWS resources use DNS name entries that occasionally change, we recommend that you configure your JVM with a TTL value of 5 seconds. This ensures that when a resource’s IP address changes, your application will be able to receive and use the resource’s new IP address by requerying the DNS.

On some Java configurations, the JVM default TTL is set so that it will never refresh DNS entries until the JVM is restarted. Thus, if the IP address for an AWS resource changes while your application is still running, it won’t be able to use that resource until you manually restart the JVM and the cached IP information is refreshed. In this case, it’s crucial to set the JVM’s TTL so that it will periodically refresh its cached IP information.

How to set the JVM TTL

To modify the JVM’s TTL, set the networkaddress.cache.ttl security property value, set the networkaddress.cache.ttl property in the $JAVA_HOME/jre/lib/security/java.security file for Java 8 or $JAVA_HOME/conf/security/java.security file for Java 11 or higher.

The following is a snippet from a java.security file that shows the TTL cache set to 5 seconds.