[debian-mysql] Bug#717864: Bug#717864: mysql-server-5.1: MySQL Server 5.1 ignores skip-name-resolve if hosts.allow is non-empty

Clint Byrum clint at fewbar.com
Fri Jul 26 18:36:07 UTC 2013 

Hi James, thanks for the bug report.

I've tested this on MySQL 5.5 and it does not seem to be affected.

Is there any chance you can confirm that wheezy (and thus 5.5) is
unaffected?

I have very limited time, as does the rest of the team, and so I don't
expect we'll be pushing any updates to oldstable any time soon.

Excerpts from James Lawrie's message of 2013-07-25 10:56:57 -0700:
> Package: mysql-server-5.1
> Version: 5.1.66-0+squeeze1
> Severity: important
> 
> MySQL Server 5.1 ignores skip-name-resolve is hosts.allow is non-empty,
> performing reverse DNS lookups for incoming connections.
> 
> If a nameserver is unresponsive for whatever reason, this seems to cause
> a 5 or more second block to the connection thread, preventing anyone from
> connecting (even over a socket) until the next nameserver is tried.
> 
> To replicate, enable skip-name-resolve with an empty hosts.allow and restart
> MySQL. Run tcpdump or strace mysqld on one terminal:
> 
> strace -t -p`cat /var/run/mysqld/mysqld.pid` -tCv -s2000 2>&1 | grep "htons(53)"
> 
> >From another terminal (locally or not) connect over TCP and note that the strace
> doesn't display any output.
> 
> Then add any entry (eg. ANY: 127.0.0.1) to the end of /etc/hosts.allow, and connect
> again. You'll see a DNS lookup.
> 
> Marked as important because on a busy database server with an intermittently
> unresponsive nameserver in resolv.conf, this can cause frequent timeouts and delays
> of several seconds, which can break applications and be difficult to diagnose.
> 
> -- System Information:
> Debian Release: 6.0.6
>   APT prefers oldstable
>   APT policy: (500, 'oldstable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
> Shell: /bin/sh linked to /bin/bash
> 
> Versions of packages mysql-server-5.1 depends on:
> ii  adduser     3.112+nmu2                   add and remove users and groups
> ii  debconf [de 1.5.36.1                     Debian configuration management sy
> ii  libc6       2.11.3-4                     Embedded GNU C Library: Shared lib
> ii  libdbi-perl 1.612-1                      Perl Database Interface (DBI)
> ii  libgcc1     1:4.4.5-8                    GCC support library
> ii  libmysqlcli 5.1.66-rel14.1-495.squeeze   Percona Server database client lib
> ii  libstdc++6  4.4.5-8                      The GNU Standard C++ Library v3
> ii  lsb-base    3.2-23.2squeeze1             Linux Standard Base 3.2 init scrip
> ii  mysql-clien 5.1.66-0+squeeze1            MySQL database client binaries
> ii  mysql-commo 5.1.66-0+squeeze1            MySQL database common files, e.g. 
> ii  mysql-serve 5.1.66-0+squeeze1            MySQL database server binaries
> ii  passwd      1:4.1.4.2+svn3283-2+squeeze1 change and administer password and
> ii  perl        5.10.1-17squeeze4            Larry Wall's Practical Extraction 
> ii  psmisc      22.11-1                      utilities that use the proc file s
> ii  zlib1g      1:1.2.3.4.dfsg-3             compression library - runtime
> 
> Versions of packages mysql-server-5.1 recommends:
> ii  bsd-mailx [mailx]  8.1.2-0.20100314cvs-1 simple mail user agent
> ii  libhtml-template-p 2.9-2                 module for using HTML Templates wi
> ii  mailx              1:20071201-3          Transitional package for mailx ren
> 
> Versions of packages mysql-server-5.1 suggests:
> pn  tinyca                        <none>     (no description available)
> 
> -- debconf information excluded
>

More information about the pkg-mysql-maint mailing list