[debian-mysql] Bug#717864: mysql-server-5.1: MySQL Server 5.1 ignores skip-name-resolve if hosts.allow is non-empty

James Lawrie james at bytemark.co.uk
Thu Jul 25 17:56:57 UTC 2013 

Package: mysql-server-5.1
Version: 5.1.66-0+squeeze1
Severity: important

MySQL Server 5.1 ignores skip-name-resolve is hosts.allow is non-empty,
performing reverse DNS lookups for incoming connections.

If a nameserver is unresponsive for whatever reason, this seems to cause
a 5 or more second block to the connection thread, preventing anyone from
connecting (even over a socket) until the next nameserver is tried.

To replicate, enable skip-name-resolve with an empty hosts.allow and restart
MySQL. Run tcpdump or strace mysqld on one terminal:

strace -t -p`cat /var/run/mysqld/mysqld.pid` -tCv -s2000 2>&1 | grep "htons(53)"

>From another terminal (locally or not) connect over TCP and note that the strace
doesn't display any output.

Then add any entry (eg. ANY: 127.0.0.1) to the end of /etc/hosts.allow, and connect
again. You'll see a DNS lookup.

Marked as important because on a busy database server with an intermittently
unresponsive nameserver in resolv.conf, this can cause frequent timeouts and delays
of several seconds, which can break applications and be difficult to diagnose.

-- System Information:
Debian Release: 6.0.6
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages mysql-server-5.1 depends on:
ii  adduser     3.112+nmu2                   add and remove users and groups
ii  debconf [de 1.5.36.1                     Debian configuration management sy
ii  libc6       2.11.3-4                     Embedded GNU C Library: Shared lib
ii  libdbi-perl 1.612-1                      Perl Database Interface (DBI)
ii  libgcc1     1:4.4.5-8                    GCC support library
ii  libmysqlcli 5.1.66-rel14.1-495.squeeze   Percona Server database client lib
ii  libstdc++6  4.4.5-8                      The GNU Standard C++ Library v3
ii  lsb-base    3.2-23.2squeeze1             Linux Standard Base 3.2 init scrip
ii  mysql-clien 5.1.66-0+squeeze1            MySQL database client binaries
ii  mysql-commo 5.1.66-0+squeeze1            MySQL database common files, e.g. 
ii  mysql-serve 5.1.66-0+squeeze1            MySQL database server binaries
ii  passwd      1:4.1.4.2+svn3283-2+squeeze1 change and administer password and
ii  perl        5.10.1-17squeeze4            Larry Wall's Practical Extraction 
ii  psmisc      22.11-1                      utilities that use the proc file s
ii  zlib1g      1:1.2.3.4.dfsg-3             compression library - runtime

Versions of packages mysql-server-5.1 recommends:
ii  bsd-mailx [mailx]  8.1.2-0.20100314cvs-1 simple mail user agent
ii  libhtml-template-p 2.9-2                 module for using HTML Templates wi
ii  mailx              1:20071201-3          Transitional package for mailx ren

Versions of packages mysql-server-5.1 suggests:
pn  tinyca                        <none>     (no description available)

-- debconf information excluded

More information about the pkg-mysql-maint mailing list