Did I say you could set this on the command line? I was wrong:
you edit a properties file in the JVM lib/security directory, or call
java.security.Security.setProperty("networkaddress.cache.ttl" , "0");
It would be possible for server-side nodes to set this property when they start up, but the operation should be wrapped with a catch for any security exception, so running hadoop under a security manager isn't fatal.
-this is separate to where the hostnames should be resolved, which needs to be moved into every services offerService loop.
Alan - I believe the Sun JVM DNS cache still ignores the TTL that comes down from above. It's to stop applets and other sandboxed things breaking out of the sandbox and talking to hosts behind the firewall, but interferes with long-lived server-side code.