Pre-General Availability Draft: 2017-10-17
The MySQL server maintains a host cache in memory that
contains information about clients: IP address, host name, and
error information. The server uses this cache for nonlocal TCP
connections. It does not use the cache for TCP connections
established using a loopback interface address
for connections established using a Unix socket file, named
pipe, or shared memory.
For each new client connection, the server uses the client IP address to check whether the client host name is in the host cache. If not, the server attempts to resolve the host name. First, it resolves the IP address to a host name and resolves that host name back to an IP address. Then it compares the result to the original IP address to ensure that they are the same. The server stores information about the result of this operation in the host cache. If the cache is full, the least recently used entry is discarded.
host_cache Performance Schema
table exposes the contents of the host cache so that it can be
statements. This may help you diagnose the causes of
connection problems. See Section 126.96.36.199, “The host_cache Table”.
The server handles entries in the host cache like this:
When the first TCP client connection reaches the server from a given IP address, a new entry is created to record the client IP, host name, and client lookup validation flag. Initially, the host name is set to
NULLand the flag is false. This entry is also used for subsequent client connections from the same originating IP.
If the validation flag for the client IP entry is false, the server attempts an IP-to-host name DNS resolution. If that is successful, the host name is updated with the resolved host name and the validation flag is set to true. If resolution is unsuccessful, the action taken depends on whether the error is permanent or transient. For permanent failures, the host name remains
NULLand the validation flag is set to true. For transient failures, the host name and validation flag remain unchanged. (Another DNS resolution attempt occurs the next time a client connects from this IP.)
If an error occurs while processing an incoming client connection from a given IP address, the server updates the corresponding error counters in the entry for that IP. For a description of the errors recorded, see Section 188.8.131.52, “The host_cache Table”.
The server performs host name resolution using the thread-safe
gethostbyname_r() calls if the operating
system supports them. Otherwise, the thread performing the
lookup locks a mutex and calls
gethostbyname() instead. In this case, no
other thread can resolve host names that are not in the host
cache until the thread holding the mutex lock releases it.
The server uses the host cache for several purposes:
By caching the results of IP-to-host name lookups, the server avoids doing a DNS lookup for each client connection. Instead, for a given host, it needs to perform a lookup only for the first connection from that host.
The cache contains information about errors that occur during the connection process. Some errors are considered “blocking.” If too many of these occur successively from a given host without a successful connection, the server blocks further connections from that host. The
max_connect_errorssystem variable determines the number of permitted errors before blocking occurs. See Section B.5.2.5, “Host 'host_name' is blocked”.
It is possible for a blocked host to become unblocked even
FLUSH HOSTS if activity
from other hosts has occurred since the last connection
attempt from the blocked host. This can occur because the
server discards the least recently used cache entry to make
room for a new entry if the cache is full when a connection
arrives from a client IP not in the cache. If the discarded
entry is for a blocked host, that host becomes unblocked.
The host cache is enabled by default. To disable it, set the
variable to 0, either at server startup or at runtime.
To disable DNS host name lookups, start the server with the
--skip-name-resolve option. In
this case, the server uses only IP addresses and not host
names to match connecting hosts to rows in the MySQL grant
tables. Only accounts specified in those tables using IP
addresses can be used. (Be sure that an account exists that
specifies an IP address or you may not be able to connect.)
If you have a very slow DNS and many hosts, you might be able
to improve performance either by disabling DNS lookups with
--skip-name-resolve or by
increasing the value of
host_cache_size to make the
host cache larger.
To disallow TCP/IP connections entirely, start the server with
Some connection errors are not associated with TCP
connections, occur very early in the connection process (even
before an IP address is known), or are not specific to any
particular IP address (such as out-of-memory conditions). For
information about these errors, check the
status variables (see
Section 5.1.7, “Server Status Variables”).