The java.security file says of networkaddress.cache.ttl: "Setting this to anything other than the default value can have serious security implications. Do not set it unless you are sure you are not exposed to DNS spoofing attack." The default it is defending is -1, i.e. cache successful lookups forever, which the same file says is chosen "for security reasons" whenever a security manager is set (without one the implementation default is 30 seconds). So the advice amounts to: if your process *is* subject to a DNS spoofing attack, the best thing to do is to keep the injected answer around for the lifetime of the process. Right.
I'm trying to reconstruct the thinking here. Maybe somebody reasoned that if you resolve the name before each of N connections the attacker succeeds at least once with probability 1-(1-p)^N, while if you resolve it just once and cache forever the attacker succeeds with probability p. But if the attacker's value derives from how many connections land on the spoofed address, the expected value is identical either way: N independent lookups give N·p hijacked connections on average, and one lookup that is spoofed with probability p and then reused for all N connections gives p·N.
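To make the comparison concrete, here is an added example (not code from the original post or from the JDK) that models the two policies as the post describes them: each DNS query is spoofed independently with probability p, and the attacker's payoff is the number of TCP connections that go to the spoofed address. It computes the closed forms and cross-checks them with a Monte Carlo run. The per-query spoofing probability p, the connection count N and the "payoff equals hijacked connections" assumption are the post's model, not measurements of any real resolver.

```python
import random
from statistics import mean, pvariance

# Model assumptions (taken from the post, not from any real measurement):
#   p : probability that a single DNS query returns the attacker's address
#   n : number of outbound connections the process makes
# Policy "per_lookup": resolve before every connection (finite/zero TTL).
# Policy "forever":    resolve once, cache for the process lifetime (ttl=-1).


def closed_form(p: float, n: int) -> dict:
    """Expected hijacked connections and P(at least one hijacked), per policy."""
    return {
        "per_lookup": {
            "expected_hijacked": n * p,            # sum of n Bernoulli(p)
            "p_any_hijacked": 1 - (1 - p) ** n,     # 1 - P(all n lookups clean)
            "variance": n * p * (1 - p),           # binomial variance
        },
        "forever": {
            "expected_hijacked": p * n,            # one coin flip, paid n times
            "p_any_hijacked": p,                   # only the first lookup matters
            "variance": (n ** 2) * p * (1 - p),    # all-or-nothing: n^2 * Var(Bernoulli)
        },
    }


def hijacked_connections(p: float, n: int, policy: str, rng: random.Random) -> int:
    """One process lifetime: how many of its n connections reach the spoofed address."""
    if policy == "forever":
        # Single resolution; every later connection reuses the cached answer.
        first_answer_spoofed = rng.random() < p
        return n if first_answer_spoofed else 0
    if policy == "per_lookup":
        # Fresh resolution before each connection, each independently spoofable.
        return sum(1 for _ in range(n) if rng.random() < p)
    raise ValueError(f"unknown policy {policy!r}")


def simulate(p: float, n: int, policy: str, trials: int = 20000, seed: int = 1) -> dict:
    """Monte Carlo estimate of the same three quantities over many process lifetimes."""
    rng = random.Random(seed)
    outcomes = [hijacked_connections(p, n, policy, rng) for _ in range(trials)]
    return {
        "expected_hijacked": mean(outcomes),
        "p_any_hijacked": sum(1 for x in outcomes if x > 0) / trials,
        "variance": pvariance(outcomes),
    }


if __name__ == "__main__":
    p, n = 0.1, 20
    exact = closed_form(p, n)
    for policy in ("per_lookup", "forever"):
        est = simulate(p, n, policy)
        print(policy, "closed form:", exact[policy])
        print(policy, "simulated:  ", {k: round(v, 3) for k, v in est.items()})
```

The means agree, which is the post's point. What the two policies actually trade is the shape of the distribution: re-resolving spreads the risk over N independent small chances, while caching forever turns the same mean into an all-or-nothing outcome whose variance is N times larger and whose single successful spoof is never re-examined.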