As part of efforts to reduce release window downtime, we recommend all Veeva customers update their DNS caching so that integrations don’t cache the DNS forever. We recommend that you configure the DNS TTL (time-to-live) value to no more than 60 seconds. This ensures that when a Vault resource IP address changes, your integration will be able to receive and use the new IP address by re-querying the DNS.
Default TTL varies depending on your JVM version and whether a Security Manager is in use. If the JVM default TTL is 60 seconds or less and a security manager is not in use, no changes are recommended.
For some Java configurations, the JVM default TTL only refreshes DNS entries upon JVM restart. This means you must manually restart the JVM to refresh cached IP information when the IP address for a resource changes while your application is running. Changing the JVM’s TTL to periodically refresh cached IP information avoids JVM restarts for this reason.
To modify the JVM TTL, set the networkaddress.cache.ttl value to 60 using one of the following methods, depending on your needs:
To apply the TTL globally for all applications using the JVM, set the following in the $JAVA_HOME/jre/lib/security/java.security file:
networkaddress.cache.ttl=60
To apply the JVM TTL for a single application, set the following in the initialization code:
java.security.Security.setProperty("networkaddress.cache.ttl" , "60");
For more information, contact Veeva Support.