Bug #77924 JDBC SOCKS should not perform local DNS resolution
Submitted: 3 Aug 2015 23:09 Modified: 13 Mar 2017 9:41
Reporter: David Phillips Email Updates:
Status: Verified Impact on me:
None 
Category:Connector / J Severity:S3 (Non-critical)
Version:5.1.35 OS:Any
Assigned to: Alexander Soklakov CPU Architecture:Any
Tags: jdbc, socks

[3 Aug 2015 23:09] David Phillips
Description:
When connecting over SOCKS using the recently added "socksProxyHost" property, the InetSocketAddress should be created as an unresolved address to allow resolution to happen via the proxy, rather than performing resolution locally.

A common reason for using a proxy is to access something not available on the local network. For example, accessing a machine on a production network from a corporate network. In such cases, the DNS might not even be available locally (e.g. internal server names only resolve on the production network).

Another potential issue is address types: the client machine and target machine might both have IPv4 and IPv6 addresses, but the proxy only has IPv6. In this case, resolving an IPv4 address on the client means that the proxy won't be able to connect, but if the proxy resolved the address, it would correctly choose the IPv6 address.

Instead,

How to repeat:
Connect to to a remote machine via SOCKS using a hostname for the target MySQL database. Notice that the DNS resolution happens locally rather than the original hostname being passed to the proxy.

Suggested fix:
The driver should pass the hostname to the proxy as an unresolved address and let the proxy do the resolution.