Question

I have a server out in the big bad internets and I want to run a MySQL client on my home system to attach to it. For obvious security reasons I want the MySQL server to only allow my IP address to connect. I have a dyndns.org account that keeps track of my current IP address. Comcast can of course change my IP address at any time.

So I create a user like this:

CREATE USER 'user'@'mememe.dyndns.org' IDENTIFIED BY 'changeme';
GRANT ALL PRIVILEGES ON mydata TO 'user'@'mememe.dyndns.org';

So when I try to connect to this server from my home system I get:

ERROR 1130 (HY000): Host 'c-98-234-122-18.hsd1.ca.comcast.net' is not allowed to connect to this MySQL server

Of course the host name that MySQL sees is what the RDNS lookup for the IP address was. What I want is to get it to recognize the dyndns.org name. Is there any way to do this?

If there isn't a way to do this, does this mean that I am forced to create user names with either wildcards or specific IP addresses in them?


Solution

The problem is that the Comcast host name is the canonical reverse lookup name of that IP, and not your DynDNS one. What you want to do may not be possible at all in MySQL.

However, if you have your own server, how about tackling this from a different angle - allowing connections from any IP from within MySQL, but using your server's firewall to do the IP-based filtering? A full-fledged firewall product may have more possibilities to pull something like this off.

This blog post shows a way to update iptables records from dynamic DNS hosts, for example. Maybe that is a start. Otherwise, search queries like "Linux Firewall Dyndns" or "iptables dyndns" may turn up solutions.

It might also be worth asking a separate question on Serverfault about this.
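The firewall approach suggested in this answer, sketched as an added example (not code from the answer or from the blog post it mentions): resolve the dynamic-DNS name, validate the result, and atomically replace a dedicated iptables chain so that only that address reaches MySQL. The chain name MYSQL_DDNS and port 3306 are assumptions, as is the availability of glibc's getent and of iptables-restore.

```shell
#!/bin/sh
# Added example: keep one iptables chain in sync with a dynamic-DNS name.
DDNS_HOST="mememe.dyndns.org"  # name from the question
MYSQL_PORT=3306                # assumption: MySQL on its default port
CHAIN="MYSQL_DDNS"             # hypothetical chain name

# True only for a plain dotted-quad IPv4 address. An empty DNS answer, an
# error string or a hostname must never be passed on to the firewall.
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$octet" -le 255 ] || return 1
  done
}

# First IPv4 address the resolver returns (getent is the glibc tool).
resolve_ipv4() { getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'; }

# Emit iptables-restore input that allows exactly one source to reach MySQL.
plan_rules() {
  valid_ipv4 "$1" || { echo "refusing to use address: '$1'" >&2; return 1; }
  printf '%s\n' "*filter" ":$CHAIN - [0:0]" \
    "-A $CHAIN -s $1/32 -p tcp --dport $MYSQL_PORT -j ACCEPT" \
    "-A $CHAIN -p tcp --dport $MYSQL_PORT -j DROP" "COMMIT"
}

# Resolve, validate, then swap the chain in one atomic iptables-restore call.
# If DNS fails, nothing is touched and the last good rule stays in force.
sync_once() {
  plan=$(plan_rules "$(resolve_ipv4 "$DDNS_HOST")") || return 1
  printf '%s\n' "$plan" | iptables-restore --noflush || return 1
  # Ensure port 3306 traffic is sent through the chain (added only once).
  iptables -C INPUT -p tcp --dport "$MYSQL_PORT" -j "$CHAIN" 2>/dev/null ||
    iptables -I INPUT -p tcp --dport "$MYSQL_PORT" -j "$CHAIN"
}

# Run from cron as root with --apply; without it only the functions load.
if [ "${1:-}" = "--apply" ]; then sync_once; fi
```

With --noflush, iptables-restore replaces only the chain declared in its input, so there is no moment at which the chain is empty and the port falls through to the INPUT policy.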

OTHER TIPS

What you want to achieve is strictly impossible. Consider the event flow:

  1. User connects to MySQL
  2. MySQL resolves connecting IP into hostname (c-98-234-122-18.hsd1.ca.comcast.net)
  3. MySQL looks up this (user,hostname) tuple for privileges

At no point does MySQL ever look up 'mememe.dyndns.org'.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow