I have defined a MariaDB user test@localhost and I have skip-name-resolve
ON as recommended for performance reasons.
I'm able to connect with -hlocalhost -P3306
and so is my web application using the hostname "localhost".
If I attempt to connect via an SSH tunnel to "localhost" I receive the error that 'test'@'127.0.0.1' can't connect (as that user and host isn't defined).
In all three situations I've requested to connect to "localhost" from the same machine and for connections established from the server directly this appears to work. So why am I presenting to MariaDB as 127.0.0.1 via the SSH tunnel?
Supplementary question: Is there actually any point in enabling skip-name-resolve
for this setup as from what I can see my web app is presenting itself as "localhost" and so there is no resolving going on and the only thing it's doing is preventing 127.0.0.1 being resolved to localhost when connecting via an SSH tunnel?
CentOS 7.6, MariaDB 5.5.64
Best Answer
All connections that were being made on the server to "localhost" were indeed using the Unix Domain Socket and authenticating with the
test@localhost
user.I confirmed this with some tests:
The connection via the SSH tunnel was using TCP and as
skip-name-resolve
was ON was trying to login astest@127.0.0.1
rather thantest@localhost
.Since my applications are running on the same server as the database and configured to connect to localhost/UDS, I see no benefit of turning
skip-name-resolve
ON as this just causes an additional problem when attempting to connect via the SSH tunnel to "localhost".