List:General Discussion« Previous MessageNext Message »
From:Ian Meyer Date:February 17 2005 5:43pm
Subject:Re: MySQL and DNS problem
View as plain text  
Michael Dykman wrote:
> On Thu, 2005-02-17 at 12:21, Ian Meyer wrote:
> 
>>Michael Dykman wrote:
>>
>>>On Thu, 2005-02-17 at 10:41, Ian Meyer wrote:
>>>
>>>
>>>>Hello everyone,
>>>>
>>>>We have a few MySQL servers (4.1.8) running on RedHat ES3. We're having 
>>>>problems when trying to use hostnames in the grant command.
>>>>
>>>>Example:
>>>>create database blah;
>>>>grant all on blah.* to 'user'@'host' identified by 'xxxx';
>>>>(also have used the FQDN instead of just host)
>>>>
>>>>When trying to connect, it fails with the message:
>>>>'MySQL Error Number 1045
>>>>Access denied for user 'user'@'192.168.2.103' (using password: YES'
>>>>
>>>>Our DNS servers have correct forward and reverse entries for all of our 
>>>>machines. I read the docs about MySQL and DNS, but I still can't figure 
>>>>this out.
>>>>
>>>>Thanks,
>>>>Ian
>>>
>>>
>>>Instead, try determining what the ips the host names resolve to (not the
>>>other way around)  If you are GRANTing to someone@foo , you want to make
>>>sure that when the machine 'foo' connects, it is connecting as the same
>>>ip address the 'foo' resolves to when the server looks it up
>>>
>>>for example,
>>>	$ host foo
>>>might translate to foo.domain.com -> 20.20.20.21 [external ip]
>>>but foo is connecting as 192.168.1.21 [internal ip]
>>>and Mysql will reject the connection.
>>>
>>
>>This is all internal, so that isn't an issue. See my 2nd or 3rd reply 
>>for additional `host` information for the hosts I'm trying to connect with.
> 
> 
> your right, I had noticed the reverse lookup but didn't see the
> forward..
> 
> I note that the lookup finds an address for the fully qualified domain
> name, not just the lowest-level..  
> 
> if  host resolves to host.domain.com resolves to 'someip' and you are
> granting to host, it might be that mysql (very wisely and safely)
> chooses not to attempt the resolution with additional qualifications
> (domain.com).  Perhaps if your GRANT was to the fully qualified name
> MySQL could match it to the incoming address unambiguously?
> 

Tried the FQDN like 'user'@'thishost.domain.com' and it still didn't work.

I'll do the source deal after lunch and let y'all know what the story 
is. Thanks so far for your help.

Ian

Thread
MySQL and DNS problemIan Meyer17 Feb
  • Re: MySQL and DNS problemMichael Dykman17 Feb
    • Re: MySQL and DNS problemIan Meyer17 Feb
      • Re: MySQL and DNS problemMichael Dykman17 Feb
        • Re: MySQL and DNS problemIan Meyer17 Feb
  • Re: MySQL and DNS problemJeff Smelser17 Feb
    • Re: MySQL and DNS problemIan Meyer17 Feb
      • Re: MySQL and DNS problemJeff Smelser17 Feb
        • Re: MySQL and DNS problemIan Meyer17 Feb
          • Re: MySQL and DNS problemJeff Smelser17 Feb
RE: MySQL and DNS problemTom Crimmins17 Feb
  • Re: MySQL and DNS problemIan Meyer17 Feb
RE: MySQL and DNS problemTom Crimmins17 Feb
  • Re: MySQL and DNS problemIan Meyer17 Feb
RE: MySQL and DNS problemJohn Trammell17 Feb
  • Re: MySQL and DNS problemIan Meyer17 Feb