3

I'm trying to disable the DNS name resolving as I have many other servers connecting to the central database. The DNS resolving is slow and can apparently be disabled like this:

```
[mysqld]
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
datadir         = /var/lib/mysql
log-error       = /var/log/mysql/error.log
port=3412
max_connections=500
skip-name-resolve
```

However, I can still connect to it via localhost, which doesn't make sense to me.

```
mysql -h localhost -u root -p -P 3412
```

I have done some research here:

> If you choose to use skip-name-resolve, make sure your MYSQL connection privileges are set to allow IPs, and not hosts.
>
> On most systems, for the local MySQL Server you will need to use host=127.0.0.1 for ipv4 and host=::1 for ipv6 networks, instead of the classic “host=localhost”.

Why can I still connect via localhost if DNS resolving is disabled?

Houman

1 Answer

2

MySQL treats connecting to localhost specially. In this case it connects via a UNIX domain socket, not via TCP, and the string localhost is still used for user authentication.

Michael Hampton
  • I see. Do I have to replace `socket = /var/run/mysqld/mysqld.sock` with `bind-address=*`? (I want to allow both IPv4 and IPv6) – Houman Dec 05 '20 at 19:58
  • @Houman What are you trying to do? This is completely irrelevant to skipping name resolution. You can leave it as is. – Michael Hampton Dec 05 '20 at 19:58
  • Sorry, maybe I misunderstood your reply. Is there any other way to check if the DNS resolving is truly disabled? – Houman Dec 05 '20 at 19:59
  • @Houman Try connecting to `::1` or `127.0.0.1` instead and `SELECT current_user();` ? Or, for that matter, connect from the remote host that led you to begin this adventure initially. – Michael Hampton Dec 05 '20 at 20:00
  • But I can do `mysql -h ::1 -u root -P 2333 -p` despite having commented out `skip-name-resolve`. I think the reason is that as Alex mentioned `root@%` and anything can access it. – Houman Dec 05 '20 at 20:07
  • The reason this got my attention was this error shown in error.log: `[Server] IP address '185.xx.xx.xx' has been resolved to the host name 'xx.xxx.xxx.185.xxhost.com', which resembles IPv4-address itself.`. I have to apply this to see if these errors will stop appearing. And I wanted a way to test it first. – Houman Dec 05 '20 at 20:09
  • @Houman Connect from a remote host yourself, then. – Michael Hampton Dec 05 '20 at 20:22
  • Thanks. That was a great idea. I didn't see the wood for the trees. Need a break. :) – Houman Dec 05 '20 at 21:22
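
The checks discussed in this thread, written out as queries. This is an added example, not part of the original question, answer or comments. It assumes MySQL 5.7 or later with `performance_schema` enabled and an account allowed to read `performance_schema` and `mysql.user`.

```sql
-- Added example; assumes MySQL 5.7+ with performance_schema enabled.

-- 1. Is the option active in the running server (not just in the config file)?
SHOW GLOBAL VARIABLES LIKE 'skip_name_resolve';

-- 2. How did this session arrive, and which account row matched it?
--    With `-h localhost` the connection_type is 'Socket' and the account
--    matched is a 'localhost' one; no DNS lookup is involved either way.
SELECT USER()         AS client_identity,
       CURRENT_USER() AS matched_account,
       t.connection_type
FROM performance_schema.threads AS t
WHERE t.processlist_id = CONNECTION_ID();

-- 3. What does the server record as the peer of each client session?
--    With name resolution off, TCP sessions show an IP address here
--    instead of a resolved host name.
SELECT processlist_id, processlist_user, processlist_host, connection_type
FROM performance_schema.threads
WHERE type = 'FOREGROUND'
  AND processlist_id IS NOT NULL;

-- 4. Has the server been resolving client addresses? The host cache is
--    only filled when lookups happen, so rows with a host name here
--    mean name resolution is still in use.
SELECT ip, host, host_validated
FROM performance_schema.host_cache;

-- 5. Accounts whose Host value is a host name or host-name pattern.
--    With skip_name_resolve the server only has the client's IP address
--    to compare, so these rows cannot match a TCP client and should be
--    recreated with an IP address or IP pattern before the option is
--    enabled.
SELECT user, host
FROM mysql.user
WHERE host <> 'localhost'
  AND host NOT REGEXP '^[0-9.%_/]*$'   -- IPv4 literal, pattern, netmask, or '%'
  AND host NOT LIKE '%:%';             -- IPv6 literal or pattern
```

To exercise the TCP path from the database host itself, connect with `-h 127.0.0.1` or add `--protocol=TCP`; with `-h localhost` alone the client uses the UNIX socket, as the answer explains.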