3

I am running a mariadb instance in a docker container. It is connected to a custom bridge network. Let's call it db_net here. Now I want to connect to mariadb from another container connected to the same network.

I can ping the mariadb container from the other container with ping mariadb.db_net. It resolves to some 172.x.x.x IP.

Setting up the grant table in mariadb with numeric IPs works. But obviously these may change in a modified setup. I also would like to avoid using all wildcards (e.g. 172.%.%.%) since other containers may also use the same mariadb instance.

Using the symbolic host name (name.db_net) in the grants table fails.

What is the recommended way to solve this? Using all wildcards in the host field and relying on other isolation mechanisms of course works, but it seems like doing that I give up a layer of security that would be desirable.

user52366

1 Answer

0

Sometimes embedded DNS doesn't work fine with Linux services. The best approach is to use DNS to resolve hostnames to IP addresses. It can be by modifying the /etc/hosts file or using a third-party DNS server. This will ensure that whenever the IP address changes, database privileges still work fine.

If you choose to set up a DNS server in your docker network, each container will have to be started with the option:

--dns=IP_ADDRESS

The address provided will then be written to the file /etc/resolv.conf on the docker container.

Kobi Lehrer
    As written, DNS resolution works. The problem is that the MariaDB grant table expected hard-coded IP addresses, which messes up the idea of dynamic IP assignment in the Docker containers – user52366 Mar 01 '18 at 20:48
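
An added example, not part of the original question or answer: host patterns narrower than the 172.%.%.% wildcard mentioned in the question, using MariaDB's base-IP/netmask notation. It assumes db_net was created with a fixed subnet (docker network create --subnet) and that one client container is started with a pinned address (docker run --ip); the subnet, address, account names and schema are constructed values.

```sql
-- Constructed values (assumptions, not from the original post):
--   db_net subnet      172.28.0.0/16
--   pinned client IP   172.28.0.10
--   accounts           app, report      schema: appdb
-- Replace <password> with a real secret before running.

-- Broad pattern from the question: matches every client whose address
-- starts with 172., including containers on other bridge networks.
-- CREATE USER 'app'@'172.%.%.%' IDENTIFIED BY '<password>';

-- Narrower: only addresses inside db_net's own subnet.
-- MariaDB accepts the form base_ip/netmask in the host part.
CREATE USER 'app'@'172.28.0.0/255.255.0.0' IDENTIFIED BY '<password>';
GRANT SELECT, INSERT, UPDATE, DELETE
  ON appdb.* TO 'app'@'172.28.0.0/255.255.0.0';

-- Narrowest: a single container whose address is pinned on db_net.
CREATE USER 'report'@'172.28.0.10' IDENTIFIED BY '<password>';
GRANT SELECT ON appdb.* TO 'report'@'172.28.0.10';

-- Audit: list accounts that still use a wildcard or an empty host,
-- so leftover catch-all entries can be reviewed and dropped.
SELECT User, Host
  FROM mysql.user
 WHERE INSTR(Host, '%') > 0 OR Host = '';

-- Confirm what each scoped account can actually do.
SHOW GRANTS FOR 'app'@'172.28.0.0/255.255.0.0';
SHOW GRANTS FOR 'report'@'172.28.0.10';
```

The netmask form ties the grant to the network rather than to an individual container address, so it keeps working when containers on db_net are recreated with new addresses inside the same subnet.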