Java : DNS usage

The application uses requests to DNS. DNS replies can not be considered trusted because of possible DNS spoofing attacks.

DNS-servers are vulnerable to attacks. It is necessary to proceed from the assumption that the application is running in an environment with an untrusted DNS server. If an attacker can update the entries in the DNS cache (cache poisoning), he/she can also redirect traffic through his/her own devices.

IP addresses are more secure than DNS names, but they can be overridden in an attack, too.