I hacked the Makefile so that it would recompile it with
-debug on the version. I started it with "--debug" as part of the
extra args passed to safe_mysqld. It started, and created a
/tmp/mysqld.trace where its logging to.
So far, no one with a broken reverse DNS has tried to
contact the server.... However, me with a good reverse but no
authority via the /etc/hosts.allow has gone against it 5 or
6 times, and the log doesn't even show any evidence.
If it isn't showing any sort of logging of my illegal
attempt, I'm concerned it will not show any attempts from the
hosts that are causing the problems.
> To make the suggestions, we should have enough amount of information.
> If your MySQL server isn't heavy loaded, create a trace file and find
> out the place where the new connections hang. See:
> Tuc at T-B-O-H <ml@stripped> wrote:
> >> Hello.
> >> In my opinion, we're a little kinked in this issue. Let's start over.
> > :( Sorry. I've been told by the GF that I have a habit of
> > doing it to her too.
> >> In one of your posts you mentioned that the server runs lots
> >> of other services besides the database.
> > Yes, according to my runbook, the server :
> > 1) Is an NFS server to 4 other servers for web traffic
> > and logging.
> > 2) Is the primary MX server for 7 domains (About 100
> > emails a day)
> > 3) Runs a Listproc for 4 mailing lists (About 5 messages
> > a day to 60 people)
> > 4) Runs MySQL (Approx 98 queries per hour)
> > 5) Runs Seti@Home (2 processes)
> > 6) Runs an IMAP Server for 1 user who logs on 5-10
> > minutes a day
> > The server pushes about 120kb/s a second
> > according to MRTG for all that.
> >> Why do you think that
> >> the cause of the server's weird behavior is MySQL?
> > Maybe I wasn't clear about it. The server is running
> > perfectly. I'm running SETI on it since its normally bored out
> > of its ever loving mind. When someone with a missing or bad
> > reverse DNS (PTR) record attempts to connect to the MySQL
> > server, any other connection via either the socket or the
> > TCP socket ends up blocking and waiting. Every other service
> > on the machine is fine, but MySQL becomes completely
> > unresponsive. When I said "DOS", I meant only against MySQL.
> > The rest of the machine is fine to process anything it wants.
> >> Is server still
> >> working, but you are unable to reach it through the network, or it
> >> is completely hung?
> > No other services are affected, only attempts to connect
> > to MySQL via the socket or TCP. This makes what little access there
> > is to the database (A searchable orchid database) stop, and monitoring
> > detects it down and pages out.
> > Thanks, Tuc
> >> >>
> >> >>
> >> > So if thats the way (FreeBSD ports), then besides the already
> >> > changing to pure IP, is there any other ways to stop the DOS?
> >> >
> >> > Thanks, Tuc
> >> >
> For technical support contracts, goto https://order.mysql.com/?ref=ensita
> This email is sponsored by Ensita.NET http://www.ensita.net/
> __ ___ ___ ____ __
> / |/ /_ __/ __/ __ \/ / Gleb Paharenko
> / /|_/ / // /\ \/ /_/ / /__ Gleb.Paharenko@stripped
> /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.NET
> <___/ www.mysql.com
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe: http://lists.mysql.com/mysql?unsub=1