- Enclosing class:
protected static class SecurityUtil.QualifiedHostResolver
- extends Object
This an alternate resolver with important properties that the standard
java resolver lacks:
1) The hostname is fully qualified. This avoids security issues if not
all hosts in the cluster do not share the same search domains. It
also prevents other hosts from performing unnecessary dns searches.
In contrast, InetAddress simply returns the host as given.
2) The InetAddress is instantiated with an exact host and IP to prevent
further unnecessary lookups. InetAddress may perform an unnecessary
reverse lookup for an IP.
3) A call to getHostName() will always return the qualified hostname, or
more importantly, the IP if instantiated with an IP. This avoids
unnecessary dns timeouts if the host is not resolvable.
4) Point 3 also ensures that if the host is re-resolved, ex. during a
connection re-attempt, that a reverse lookup to host and forward
lookup to IP is not performed since the reverse/forward mappings may
not always return the same IP. If the client initiated a connection
with an IP, then that IP is all that should ever be contacted.
NOTE: this resolver is only used if:
|Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
public InetAddress getByName(String host)
- Create an InetAddress with a fully qualified hostname of the given
hostname. InetAddress does not qualify an incomplete hostname that
is resolved via the domain search list.
InetAddress.getCanonicalHostName() will fully qualify the
hostname, but it always return the A record whereas the given hostname
may be a CNAME.
host - a hostname or ip address
- InetAddress with the fully qualified hostname or ip
UnknownHostException - if host does not exist
Copyright © 2009 The Apache Software Foundation