2

We've recently begun to have some downtime due to our database server (MySql) stops responding/refuses connections. We get the following (a lot) when we monitor with mytop:

5033 unauthent   217.75.117.87  0 Connec login

The IP is our own and should be allowed to connect to the server, and it works most of the time.

Some MySql distribution info:

Ver 14.12 Distrib 5.0.27, for portbld-freebsd6.2 (amd64) using  5.0
  • Does anyone have any idea of why this would happen and what it means?
  • How can we resolve this issue?
  • A search on google for mysql unauthent gave lead me to a forum thread which says the problem was resolved by starting mysql with the flag --skip-resolve-names. What does this flag do and what are the consequences of enabling it?

We are getting pretty desperate here, so quick responses would be MUCH appreciated. Thanks!

PatrikAkerstrand
  • 133
  • 7
  • I've seen this problem too - was quickly resolved with --skip-resolve-names. Dan C gives a good explanation to answer your third bullet. – Matt Cummings Jun 10 '09 at 21:25

2 Answers2

5

--skip-resolve-names prevents the server from looking up the reverse DNS recording for the connecting client. If the connecting client doesn't have a reverse DNS entry then the connection may hang for a brief period of time while it attempts and fails to make this lookup.

I can see from here that 87.117.75.217.in-addr.arpa. doesn't resolve to anything. You may find that it is working fine for brief periods of time while the NXDOMAIN result is cached, only to then be re-queried and hang again at a later time.

As answered in this thread you can also place skip_name_resolve in the [mysqld] section of your server's my.cnf. But the much more concise solution is to ensure that you have reverse DNS setup correctly for that host.

Community
  • 1
Dan Carley
  • 25,189
  • 5
  • 52
  • 70
  • Your answer was spot on. +1 and accept. Thanks a lot. We'll do the skip_name_resolve for now. To fix the reverse DNS we have to involve our nameserver-provider and it'll take some time. also, we don't use any dns-names in our GRANTS, so is there any other reason to fix it? – PatrikAkerstrand Jun 10 '09 at 21:32
  • Great. Do try to fix the rDNS though. It's good practice and can affect applications other than MySQL. – Dan Carley Jun 10 '09 at 22:12
0

--skip-resolve-names will stop the server from trying to resolve the hostname from a connections IP. If you don't have the server correctly configured to resolve hostnames it will speed things up because it won't have to timeout.

If you do turn it off you'll have to permission by IP rather than by hostname.

How are you permissioning access currently? If you are using hostnames and it can't resolve them, then you'll get that error.

Alex
  • 1,103
  • 6
  • 12