Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1158487

Summary: [RFE] Implement custom DNS resolver to prevent Java DNS indefinite lookups causing engine lockdown
Product: [Retired] oVirt Reporter: Daniel Helgenberger <daniel.helgenberger>
Component: ovirt-engine-coreAssignee: bugs <bugs>
Status: CLOSED DUPLICATE QA Contact: Pavel Stehlik <pstehlik>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 3.5CC: alonbl, ecohen, gklein, iheim, lsurette, oourfali, rbalakri, s.kieske, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: infra
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-08 09:04:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Daniel Helgenberger 2014-10-29 13:42:38 UTC 
Description of problem:
Right now Java has a 'security feature' witch caches DNS entries and also does not honor TTLs and DNS server settings. [1]
This problem can cause a severe engine lock down witch is not transparent because everything is configured correctly by the user. Furethermore, the fix requires manual intervention (not only restarting engine) but a change of resolv.conf [2].

To change this rather bad behavior for oVirt Engine something needs to be done to not use Java for DNS lookups any more but rather use OS/Kernel functions.

Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
Actual results:
Expected results:
Please see [2]

Additional info:


[1] http://www.rexconsulting.net/tip-java-does-not-honor-dns-ttl-recommendation-in-enterprise-environment.html
[2] BZ1158023
Comment 1 Alon Bar-Lev 2014-10-30 07:32:08 UTC 
as I wrote in bug#1158023 this should be fixed within the java domain. it is not specific to this project, unless true dynamic should be applied, this is not one of these cases.
Comment 2 Oved Ourfali 2015-03-08 09:04:46 UTC 
Per comment #1 I'm closing this one.

*** This bug has been marked as a duplicate of bug 1158023 ***