Stack Exchange Network

Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Visit Stack Exchange

Database Administrators Stack Exchange is a question and answer site for database professionals who wish to improve their database skills and learn from others in the community. It only takes a minute to sign up.

Sign up to join this community

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

On not public server: Host name example.com could not be resolved: Name or service not known

Ask Question

This is not a duplicate (please read carefully)

Digging in mysql logs of a production server I found a few entries with the error above, all pointing to the same host name. Each entry appears ~30 seconds right after mysql starts. There is also no record of the hostname in mysql.user table

I would not be surprised if mysql was exposed to public internet but it is not. The port is blocked by lfd/iptables and explicitly allowed for a few public/private IP addresses.

MySQL's skip_name_resolve is not enabled, since I need hostname resolution for a few VPN servers.

Where these entries may be coming from? The server is WHM/CPanel, MySQL 5.6.21

What about the other tables in the "mysql" database (like "db" or "procs_priv"?) What if you set "log-warnings = 2" in my.cnf? What if you "nslookup" all the connected clients that show an UP address from SHOW FULL PROCESSLIST; (perhaps there's a reverse entry but not a forward entry in DNS). – Michael - sqlbot Jan 28, 2015 at 12:45 Hi Michael. I can't see anything suspicious in other tables or SHOW FULL PROCESSLIST; I'll try log-warnings and report back. It's really odd as the domain is not actually registered. – WooDzu Jan 28, 2015 at 19:47 Regarding the processlist... check the IP addresses seen there and do "nslookup" on them from the MySQL server itself and see if one of them resolves back to that address (even though it doesn't make sense that it would). – Michael - sqlbot Jan 28, 2015 at 20:36 Aha! That was it. It turned up to be a slave replication server which we spinned in the same datacenter. Big relief! Thank you – WooDzu Jan 28, 2015 at 20:54

When --skip-name-resolve isn't in specified, the IP address of incoming connections is resolved into a name via a DNS query...

However, there isn't just one DNS query, because the existence of a reverse DNS entry (e.g. a PTR record 203.0.113.113 → foo.example.com) is not sufficient for hostname-based authentication -- anybody could change a reverse DNS entry to claim to be any hostname they wanted.

So there's a second query that occurs.

Once the hostname is resolved, there's an additional DNS lookup in the opposite direction, to verify that the hostname discovered in the first DNS query, foo.example.com, does indeed map to an A record that resolves back to the original IP address (e.g an A record foo.example.com → 203.0.113.113).

In this case, the IP address mapped to a hostname, but the hostname did not map back to the original IP address.

http://dev.mysql.com/doc/refman/5.6/en/host-cache.html

Thanks for contributing an answer to Database Administrators Stack Exchange!

• Please be sure to answer the question . Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.
• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers .