5

We have a problem in a sandboxed Java Applet because the SecurityManager does a reverse DNS lookup. See other question.

But the underlying problem is, that the Reverse DNS lookup takes about 4.5 seconds (without a domain result). The Problem is NOT the missing result (it returns the IP in that case), it's just the fact that it takes so long.

The problem is also independent of the SecurityManager, it only becomes a problem there because the Permissions class holds a lock while running into this and so freezes many other threads for 4.5 (or more) seconds.

There are also domains that don't have a domain-name result (ie. return the IP) which do not take 4.5 seconds. For example "staminus.net".

SSCCE:

String host = "random.org";
// "random.org" - IP result, takes 4.5 seconds
// "cdn.knuddelscom.de" - IP result, takes 4.5 seconds
// "staminus.net" - IP result, fast
// "google.com" - domain result: fra15s11-in-f14.1e100.net, fast
InetAddress addr = Inet4Address.getByName(host);
for (int i = 0; i < 100; i++)
{
    long start = System.currentTimeMillis();
    String hostName = Inet4Address.getByAddress(addr.getAddress()).getHostName();
    long end = System.currentTimeMillis();
    System.out.println((i + 1) + " RDNS " + host + " ... (" + (end - start) + "ms): " + hostName);
}

(Tested with Java JDK 1.8.0_40)

I used Sysinternals Process Explorer to make a windows API call thread dump of the hanging thread, but i don't know enough about it to tell what's happening:

ntoskrnl.exe!KeSynchronizeExecution+0x2246
ntoskrnl.exe!KeWaitForMultipleObjects+0x135e
ntoskrnl.exe!KeWaitForMultipleObjects+0xdd9
ntoskrnl.exe!KeWaitForSingleObject+0x373
ntoskrnl.exe!KeReleaseSemaphore+0xd33
ntoskrnl.exe!NtSetEvent+0xf99
ntoskrnl.exe!NtSetEvent+0x447
ntoskrnl.exe!RtlEqualUnicodeString+0x9ae
ntoskrnl.exe!setjmpex+0x34a3
ntdll.dll!ZwAlpcSendWaitReceivePort+0xa
RPCRT4.dll!NDRCContextBinding+0x6c8
RPCRT4.dll!NdrClientCall3+0xded
RPCRT4.dll!NdrClientCall3+0xfe
DNSAPI.dll!AddRefQueryBlobEx+0x753
DNSAPI.dll!DnsValidateName_W+0x1312
DNSAPI.dll!DnsQueryEx+0x103
mswsock.dll!Tcpip4_WSHOpenSocket2+0x1578
mswsock.dll!Tcpip4_WSHOpenSocket2+0x141e
mswsock.dll!Tcpip4_WSHOpenSocket2+0x1252
WS2_32.dll!WSALookupServiceNextW+0x1d8
WS2_32.dll!WSALookupServiceNextW+0xa3
WS2_32.dll!GetHostNameW+0x2e44
WS2_32.dll!GetHostNameW+0x1130
WS2_32.dll!getnameinfo+0xaf
net.dll!Java_java_net_Inet6AddressImpl_getHostByAddr+0x124

Since it is always about 4.5 seconds it looks very much like a timeout. Thus this explanation would be logical: The (R)DNS server does not answer our request.

How can we test this?

How can we fix this?

Community
  • 1
  • 1
Frederic Leitenberger
  • 1,949
  • 24
  • 32

0 Answers0