Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to prevent Reverse DNS Lookup with PDO-connect per IP-address?

Tags:

php

mysql

pdo

dns

I try to connect via PDO to another database server (MySQL) per IP-address.

$db = new PDO('mysql:host=IP-ADDRESS;dbname=AAA', 'USER', 'XXXXX');

I faked IP-address and user here, this is not the error ;)

But for whatever reason, PDO is going to make some crazy reverse DNS lookups and ends up connecting to a completely different server, which has another IP-address and other domains assigned per A-records as the reverse dns lookup from PDO will find here.

PDO throws the specific exception:

SQLSTATE[28000] [1045] Access denied for user 'USER'@'WWW.ANOTHER-SERVER.COM'

While connecting in the terminal via mysql-client, everything is working as expected.

  1. How can I avoid that PDO makes a reverse DNS lookup?
  2. How can I tell PDO that it should connect per IP-address given in the parameters ?
  3. How can it be, that this reverse DNS lookup is so wrong ?

There are no specific entries in /etc/hosts, which could be the root cause for that.

like image 617
itinance Avatar asked Jan 19 '26 04:01

itinance

1 Answers

PHP/PDO machine:

PDO will never to a reverse lookup. It will do a forward lookup, and then connect to that IP.

You should be able to see that, being root at the PHP/PDO machine, running

tcpdump -i ethsomething -n -s 1500 -xX port 3306

Which IP number is shown here when the PDO tries to connect?

MySQL machine:

MySQL will never know what the host name was under which you tried to reach it. The server will see an incoming request, do a getpeername() on the socket, yielding an IP number.

The server will then do a reverse lookup of that IP by default. You can turn this off by putting

[mysqld]
skip-name-resolve

into your my.cnf file and restarting the server.

When MySQL is configured to do the reverse lookup, it will try to do so. If that fails, it will take 5 to 30 seconds on a connect attempt waiting for a DNS response before the server gives up.

If the reverse lookup succeeds, MySQL will go into the mysql.user tables and its friends with a resolved name, user@reverse_lookup_result.

If the reverse lookup fails, or has been disabled with skip-name-resolve, MySQL will go into the mysql.user tables and friends with an unresolved name, [email protected] or similar.

That has interesting consequences:

  1. When name-resolve is on, a user may have different privileges depending on the success of the reverse lookup.

  2. When skip-name-resolve is on, entries that are not ip-numbers in mysql.user.host are useless.

like image 152
Isotopp Avatar answered Jan 20 '26 20:01

Isotopp
Sign in to Comment

Related questions

MYSQL PHP Save linebreaks in textarea for later display
Jquery set enter key textarea in My Code
Counting how many times a image is being served from server?
Is there a more efficient method than transactions?
PHP crop and resize image on the fly
Can you use $_GET variables when including a file in PHP? Is it possible, even from an AJAX call?
Friendly php URL for multiple languages using htaccess file (detect language from URL)
Which is better practice? Getting HTML from Jquery Response
Replace repeated characters regular expression
How to display the comments_template with a shortcode, in Wordpress?
Handle session timeout when loading data through ajax with jquery DataTables
how to get full path of uploaded file in php?
Which is a right safe MySQLi query? [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!