1

I have a host with a database installed on it. In order to access the database, the clients use a DNS Alias (CNAME) - AliasOne - and the database port.

DNS Aliases are managed by colleagues in another department.

I had to request a more explicit alias - AliasTwo - for the same host.

Now: I need to delete AliasOne : how can I check which Alias is used to connect on the host/to the database ?

  • I don't get this information in the database logs.

  • I tried to create an iptables rule :

iptables -A INPUT -p tcp -s AliasOne --dport 3306 -j LOG --log-prefix "AliasOne: " --log-tcp-options --log-ip-options

but it translates the alias with its hostname, thus, it will also log the connection attempts of AliasTwo.

  • I didn't manage to get the answer with nslookup, dig, last. Am I using them wrong ?

Any clue anybody ? (I don't want a service interruption, so "delete and see if somebody complains" is not an option ;))

TasseDeThe
  • 13
  • 4

1 Answers1

3

Unless the protocol explicitly mandates the inclusion of a hostname in the handshake/requests you can't determine from the server which hostname the client uses to connect. The client simply connects to the ip-address that hostname or alias resolves to. (See this Q&A for more background details.)

And as far as I know MySQL does not include hostnames in the handshake https://dev.mysql.com/doc/internals/en/connection-phase.html

One work-around may be to configure the server (temporarily) with an extra ip-address and point each hostname/alias to a different ip-address and then the ip-address used will determine the hostname used. Alternatively monitor your DNS servers and register lookups for the deprecated alias.

HBruijn
  • 72,524
  • 21
  • 127
  • 192
  • thanks for the explanation. I though I could do it with standard CLI commands but the solution with a temporary host, and an iptables packets forward + logging did the job. – TasseDeThe Jan 30 '19 at 15:59