sun.net.inetaddr.ttl property causes AccessControlException

We're using ReCaptchas in a Tomcat hosted web app. Recently we had a few connectivity issues to the ReCaptcha calidation servers and one thing that we looked into was to put a timeout on the DNS entry resolution as suggested in the ReCaptcha Wiki: http://wiki.recaptcha.net/index.php/Overview#Important:_DNS_Caching

After adding the sun.net.inetaddr.ttl property (set it to 5 mins for a start) we now always get an AccessControlException when trying to validata the captcha.

java.security.AccessControlException: access denied (java.net.SocketPermission api-verify.recaptcha.net:80 connect,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:233)
at sun.net.www.http.HttpClient.New(HttpClient.java:306)
at sun.net.www.http.HttpClient.New(HttpClient.java:323)
at sun.net.www.protocol.ht开发者_JAVA百科tp.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:860)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:801)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:726)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
at net.tanesha.recaptcha.http.SimpleHttpLoader.httpPost(SimpleHttpLoader.java:66)
at net.tanesha.recaptcha.ReCaptchaImpl.checkAnswer(ReCaptchaImpl.java:61)

Here's an extract of the catalina.policy that we"re using:

permission java.net.SocketPermission "*", "resolve";
permission java.net.SocketPermission "api-verify.recaptcha.net:80", "connect,resolve";

Now, I don't expect the DNS entry of the ReCaptcha servers to change a lot (or at all), but having to reboot the server if it happens is not a good thing either. Any ideas what's causing this behaviour?