diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
index 05a31a9..e29e105 100644
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -51,7 +51,7 @@
   tags: mariadb
 
 - name: Create MariaDB user(s)
-  mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL state=present
+  mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL host=127.0.0.1 state=present
   loop: "{{ mariadb_databases }}"
   when: mariadb_databases is defined
   tags: mariadb
diff --git a/roles/mariadb/templates/my.cnf.j2 b/roles/mariadb/templates/my.cnf.j2
index eff6a3e..8e0f1dd 100644
--- a/roles/mariadb/templates/my.cnf.j2
+++ b/roles/mariadb/templates/my.cnf.j2
@@ -47,6 +47,10 @@ skip-external-locking
 # Instead of skip-networking the default is now to listen only on
 # localhost which is more compatible and is not less secure.
 bind-address		= 127.0.0.1
+
+# don't resolve connection IPs to hostnames (make sure user accounts are using
+# IPs instead of "localhost")
+skip-name-resolve=1
 #
 # * Fine Tuning
 #