The MySQL server maintains a host cache in memory that contains information about clients: IP address, host name, and error information. The server uses the host cache for several purposes:
By caching the results of IP-to-host name lookups, the server avoids doing a DNS lookup for each client connection. Instead, for a given host, it needs to perform a lookup only for the first connection from that host.
The cache contains information about errors that occur during the connection process. Some errors are considered “blocking.” If too many of these occur successively from a given host without a successful connection, the server blocks further connections from that host. The
max_connect_errorssystem variable determines the number of permitted errors before blocking occurs. See Section B.5.2.6, “Host 'host_name' is blocked”.
The server uses the host cache for nonlocal TCP connections.
It does not use the cache for TCP connections established
using a loopback interface address (for example,
for connections established using a Unix socket file, named
pipe, or shared memory.
For each new client connection, the server uses the client IP address to check whether the client host name is in the host cache. If not, the server attempts to resolve the host name. First, it resolves the IP address to a host name and resolves that host name back to an IP address. Then it compares the result to the original IP address to ensure that they are the same. The server stores information about the result of this operation in the host cache. If the cache is full, the least recently used entry is discarded.
The server performs host name resolution using the thread-safe
gethostbyname_r() calls if the operating
system supports them. Otherwise, the thread performing the
lookup locks a mutex and calls
gethostbyname() instead. In this case, no
other thread can resolve host names not found in the host
cache until the thread holding the mutex lock releases it.
It is possible for a blocked host to become unblocked even
FLUSH HOSTS if activity
from other hosts has occurred since the last connection
attempt from the blocked host. This can occur because the
server discards the least recently used cache entry to make
room for a new entry if the cache is full when a connection
arrives from a client IP not in the cache. If the discarded
entry is for a blocked host, that host becomes unblocked.
The host cache is enabled by default. To disable it, start the
server with the
To disable DNS host name lookups, start the server with the
--skip-name-resolve option. In
this case, the server uses only IP addresses and not host
names to match connecting hosts to rows in the MySQL grant
tables. Only accounts specified in those tables using IP
addresses can be used. (A client may not be able to connect if
no account exists that specifies the client IP address.)
If you have a very slow DNS and many hosts, you might be able
to improve performance either by disabling DNS lookups with
--skip-name-resolve or by
(default value: 128) and recompiling the server
To disallow TCP/IP connections entirely, start the server with
Some connection errors are not associated with TCP connections, occur very early in the connection process (even before an IP address is known), or are not specific to any particular IP address (such as out-of-memory conditions).