Bug #64885 MySQL Server does DNS-PTR lookups even when skip-name-resolve is active
Submitted: 6 Apr 2012 10:50 Modified: 9 Jan 2015 0:15
Reporter: Bjoern Boschman (OCA)
Status: No Feedback
Category: MySQL Server
Severity: S2 (Serious)
Version: 5.1.61, 5.5.17
OS: Linux
Assigned to:
CPU Architecture: Any
Tags: dns, PTR, skip_name_resolve

[6 Apr 2012 10:50] Bjoern Boschman
Description:
I'm running my MySQL server with the --skip-name-resolve.
I verified that this option is enabled via:

mysql> show variables LIKE 'skip_name_resolve'\G
*************************** 1. row ***************************
Variable_name: skip_name_resolve
        Value: ON
1 row in set (0.00 sec)

Unfortunately SQL connections from remote hosts are very slow in the handshake phase.
I found that this is the case for hosts where no PTR record is set.

After that I started a tcpdump on the mysql-server host looking for DNS queries
and I see several PTR lookups each time a remote client wants to connect.

How to repeat:
* run mysql-server with --skip-name-resolve
* run tcpdump/ngrep or similar to check for DNS PTR lookups
* perform remote login

Suggested fix:
Disable any name resolver when --skip_name_resolve is set.
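
The tcpdump check from the "How to repeat" steps, as an added example that is not part of the original report: it tallies PTR queries per looked-up address from `tcpdump -n port 53` text output, so the lookups can be matched to connecting clients. The function names and the sample capture lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Query part of a `tcpdump -n port 53` line, e.g. "4660+ PTR? 20.1.1.10.in-addr.arpa. (40)"
PTR_QUERY = re.compile(r"\bPTR\?\s+(\S+)")

def ptr_name_to_ip(name):
    """Map a reverse-DNS query name back to the address being looked up."""
    lower = name.lower().rstrip(".")
    if lower.endswith(".in-addr.arpa"):
        octets = lower[: -len(".in-addr.arpa")].split(".")
        if len(octets) != 4:
            return None
        candidate = ".".join(reversed(octets))
    elif lower.endswith(".ip6.arpa"):
        nibbles = lower[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32:
            return None
        hexstr = "".join(reversed(nibbles))
        candidate = ":".join(hexstr[i:i + 4] for i in range(0, 32, 4))
    else:
        return None
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return None  # malformed labels, not a real reverse name

def count_ptr_lookups(lines):
    """Count PTR queries per client address; responses and other types are ignored."""
    counts = Counter()
    for line in lines:
        match = PTR_QUERY.search(line)
        ip = ptr_name_to_ip(match.group(1)) if match else None
        if ip:
            counts[ip] += 1
    return counts

# Constructed sample: two lookups for 10.1.1.20, one for 10.1.1.21, one unrelated A query.
SAMPLE = [
    "10:50:01.000001 IP 10.1.1.2.40112 > 10.1.1.53.53: 4660+ PTR? 20.1.1.10.in-addr.arpa. (40)",
    "10:50:01.000950 IP 10.1.1.53.53 > 10.1.1.2.40112: 4660 NXDomain 0/1/0 (90)",
    "10:50:06.004000 IP 10.1.1.2.40113 > 10.1.1.53.53: 4661+ PTR? 20.1.1.10.in-addr.arpa. (40)",
    "10:50:07.100000 IP 10.1.1.2.40200 > 10.1.1.53.53: 4700+ A? example.test. (30)",
    "10:50:09.000000 IP 10.1.1.2.40201 > 10.1.1.53.53: 4701+ PTR? 21.1.1.10.in-addr.arpa. (40)",
]

if __name__ == "__main__":
    for ip, n in count_ptr_lookups(SAMPLE).most_common():
        print(f"{ip}: {n} PTR queries")
```
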
[7 Sep 2012 19:58] Sveta Smirnova
Thank you for the report.

Do you have name-based privileges in your grant tables? In other words, send us the output of SELECT user, host FROM mysql.user
[7 Sep 2012 20:41] Bjoern Boschman
Hi,

thanks for your reply.
Yes I do have some name-based privs (see below):

"user";"host"
"wwwdb";"%"
"gestioip";"127.0.0.1"
"root";"127.0.0.1"
"root";"some.host.de"
"debian-sys-maint";"localhost"
"gestioip";"localhost"
"root";"localhost"
"wwwdb";"localhost"
"gestioip";"localhost.localdomain"

Cheers
B
[18 Sep 2012 17:39] Sveta Smirnova
Thank you for the feedback.

I cannot repeat the described behavior. Please send us the following information:

1. Exact MySQL Server version you use (file name you downloaded)
2. User name you use to connect, so we can create the same pattern based on your mysql.host table entries
3. tcpdump output
[19 Oct 2012 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[17 Oct 2014 0:50] Mike Hicklen
Hi,

I wanted to comment because I had two servers doing this today:

Ubuntu 14.04 LTS with MySQL 5.5
Debian 6.0 with MySQL 5.1

As it turns out, the fix was to either disable TCP wrappers (i.e. comment out everything in /etc/hosts.allow and /etc/hosts.deny) or to allow the IP of the connecting server in /etc/hosts.allow like so:

ALL : 10.1.1.         # MySQL - prevent port 53 flooding against resolvers

This clears up the issue of MySQL seemingly causing the server to slam the nameservers listed in /etc/resolv.conf

I hope this helps, even though it's been a while since this issue was opened.
[17 Oct 2014 1:29] Mike Hicklen
Hello,

I apologize for the double comment.

The only fix I found was to simply comment out all lines in /etc/hosts.allow and /etc/hosts.deny

I was unable to stop the rdns lookup by approving the connecting IP
[9 Dec 2014 0:15] Sveta Smirnova
Thank you for the feedback.

Please upgrade to version 5.6, where the HOST_CACHE table was introduced (http://dev.mysql.com/doc/refman/5.6/en/host-cache-table.html), then ensure that skip_name_resolve is ON and provide the output of SELECT * FROM performance_schema.host_cache after you find out that mysqld still uses DNS to resolve host names.
[9 Jan 2015 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".