Please review the code change at http://cr.openjdk.java.net/~weijun/8052412/webrev.00
The original code queries DNS server every time the getKDCList() method is called. On the other hand, if the KDC info is written inside a krb5.conf file, it is never re-read (or for each login when the JAAS login config file has Krb5LoginModule refresh on). The re-querying of DNS is a great waste of time. Updated code stores the result in a cache. It's not uncommon that a DNS server could contain stale entries so a removeFromDnsCache() method is called if a KDC is not accessible. When all KDCs for a realm are removed, a new query will be sent. To be consistent with krb5.conf reading, a Krb5LoginModule refresh would reset the cache. Thanks Max
