[ https://issues.apache.org/jira/browse/FTPSERVER-136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12640896#action_12640896 ]

David Latorre commented on FTPSERVER-136:
-----------------------------------------


So if I understand correctly, Amichai is providing a hostname (something like 
my-server.dyndns.org) as the external-ip-address in the passive data connection 
configuration.

Is that right? Then, Amichai's problem is that even if he's using a hostname 
which should be resolved through a DNS request, this name always points to the 
same address.

This is because of the caching behaviour of InetAddress. From JavaDocs:

InetAddress Caching

The InetAddress class has a cache to store successful as well as unsuccessful 
host name resolutions. The positive caching is there to guard against DNS 
spoofing attacks; while the negative caching is used to improve performance.
By default, the result of positive host name resolutions are cached forever, 
because there is no general rule to decide when it is safe to remove cache 
entries.  


Thus, we should set the security property which defines how long IP addresses 
will be cached: 
networkaddress.cache.ttl (default: -1)
Indicates the caching policy for successful name lookups from the name service. 
The value is specified as an integer to indicate the number of seconds to cache 
the successful lookup.

I find this could be a bit of trouble because, most probably, Application 
Servers set the property themselves. And of course if a security manager is on 
we might not be able to change this setting.

What do you think, Niklas? Actually, that explanation about "spoofing 
prevention" is kinda laughable and I hope this cache-forever default is dropped 
in the JDK!




> incorrent IP used in opening data channel
> -----------------------------------------
>
>                 Key: FTPSERVER-136
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-136
>             Project: FtpServer
>          Issue Type: Bug
>         Environment: Windows XP
>            Reporter: Amichai Rothman
>            Assignee: Niklas Gustavsson
>            Priority: Minor
>             Fix For: 1.0-M4
>
>
> The IP used in opening the data channel (DATA command) appears to be 
> determined when the ftp server starts, and never updated again. On systems 
> where the IP address might change (such as any dynamic dns host) this causes 
> all data connections to fail, and requires a full restart of the service 
> whenever the IP address changes (which makes the availability of the ftp 
> server unreliable for practical use).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
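
The following Java sketch is an added example, not code from the comment above or from Apache FtpServer. It shows the two pieces the comment discusses: bounding the positive InetAddress cache through networkaddress.cache.ttl without overriding a value an application server already set and without failing under a security manager, and resolving the configured external host per data connection instead of once at start-up. The class name, method names, the 60-second value and the "localhost" stand-in host are assumptions.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Security;

/** Hypothetical helper; not part of Apache FtpServer. */
public class PassiveAddressResolver {
    private static final String TTL_PROPERTY = "networkaddress.cache.ttl";
    private final String externalHost; // host name or literal IP from configuration

    public PassiveAddressResolver(String externalHost) {
        this.externalHost = externalHost;
    }

    /**
     * Bound the positive DNS cache unless a value is already configured
     * (for example by an application server or the java.security file).
     * Call before the first InetAddress lookup: OpenJDK reads the cache
     * policy once, when its cache policy class is initialised.
     * Returns the value in effect, or null if access was denied.
     */
    public static String limitDnsCache(int seconds) {
        try {
            String existing = Security.getProperty(TTL_PROPERTY);
            if (existing != null) {
                return existing; // respect the setting that is already there
            }
            Security.setProperty(TTL_PROPERTY, Integer.toString(seconds));
            return Security.getProperty(TTL_PROPERTY);
        } catch (SecurityException e) {
            return null; // a security manager refused the read or the write
        }
    }

    /** Resolve on every call instead of keeping an InetAddress from start-up. */
    public InetAddress currentAddress() throws UnknownHostException {
        return InetAddress.getByName(externalHost);
    }

    public static void main(String[] args) throws Exception {
        String ttl = limitDnsCache(60); // 60 s is a constructed sample value
        System.out.println(TTL_PROPERTY + " in effect: " + ttl);
        // "localhost" stands in for a dynamic DNS name so the demo runs offline
        PassiveAddressResolver resolver = new PassiveAddressResolver("localhost");
        System.out.println("address to advertise for passive mode: "
                + resolver.currentAddress().getHostAddress());
    }
}
```

A short TTL trades the cache's protection against changing answers for freshness, so the value should be no lower than the dynamic DNS record's own update interval requires.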