Name resolution does not update addresses in Identity Manager.

  • 3570641
  • 24-Sep-2007
  • 26-Apr-2012


Novell NetWare 6.5
Novell SUSE Linux Enterprise Server 10
Novell SUSE Linux Enterprise Server 9
Novell Identity Manager - Nsure Identity Manager 2.0
Novell Identity Manager 3.0
Novell Identity Manager 3.5


When the Identity Manager (IDM) engine makes a connection via the network to a remote system for the Remote Loader (RL) or application connection the destination host can be configured using an Internet Protocol (IP) address or a Domain Name Service (DNS) name. In the latter case if the DNS record changes for some reason the engine does not connect to the new server until eDirectory itself is restarted. Restarting the driver or unloading other IDM components is not sufficient to cause the engine to see the change in DNS's resolution.


Java currently caches DNS names indefinitely by default and has always done so. As a result for the names to be re-resolved to a new IP address the Java Virtual Machine (JVM) must be reloaded. This component is loaded when eDirectory is started so restarting all of eDirectory is required for this change to take effect. Sun's documentation states this is set by default for security reasons to prevent DNS spoofing from causing other issues.

As a result of customer requests a new option is available in (at least) Java 1.5 and later which lets the administrator configure how long caching takes place within Java. Sun bug# 6247501 discusses this issue and provides a possible resolution:

It is possible to set the new parameter to change the caching period via the command loading Java or the file in the $JRE/lib/security directory. On a Linux server running eDirectory 8.8.1 that file will be located by default in /opt/novell/eDirectory/lib/nds-modules/jre/lib/security . Line 181 has the following line already present with IDM 3.5:


Changing the line so it is not commented out and has a 0 at the end will instruct Java not to cache DNS names at all.


The value can also be set to other integer values representing the number of seconds to cache the IP address associated with a DNS name. Restarting eDirectory is required for this change to take effect.

There are also programatic ways of setting this within an application though none of them apply to IDM directly.