How to get PostgreSQL to use internal DNS resolution

0

I have two PostgreSQL RDS databases in different regions and would like database A (us-south-1) to be able to query database B (us-west-1) using PostgreSQL's dblink functionality.

I have set up a VPC peering connection between the two VPCs, updated the route tables, enabled DNS resolution over the peering connection, and updated the security groups accordingly.

However, when I try to connect to database B from database A using dblink the connection times out:

select dblink_connect('database-b','host=database-b.xxxyyyzzz.us-west-1.rds.amazonaws.com port=5432 dbname=dbname user=username password=password');

I have verified that the issue is not with the peering connection or the security groups, because the connection works fine when I connect using database B's internal IP address:

select dblink_connect('database-b','host=10.1.2.3 port=5432 dbname=dbname user=username password=password');

So the issue appears to be that within the PostgreSQL instance, it is not resolving database-b.xxxyyyzzz.us-west-1.rds.amazonaws.com to the internal VPC IP address. Strangely enough, if I connect to an EC2 instance in the same ap-south-1 VPC, it does resolve this correctly to the internal VPC IP address.

Is there anything I can do to make PostgreSQL resolve using the internal address like the EC2 instance does?
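An added check (not part of the original question) for the situation described above: before blaming peering or security groups, classify what a hostname actually resolved to from each vantage point. The function below treats the RFC 1918 ranges as "private" (the VPC-internal path) and everything else as "public". The resolver answers here are constructed placeholders; in live use you would feed it the output of `dig +short` run on the EC2 instance.

```shell
#!/bin/sh
# Added example, not from the original post. Tells you whether a hostname
# resolved to a VPC-internal (RFC 1918) address or to a public one, which is
# the difference between traffic crossing the peering link and traffic going
# out over the internet.

# Return 0 if the IPv4 address is in 10/8, 172.16/12 or 192.168/16.
is_private_ipv4() {
  case "$1" in
    10.*) return 0 ;;
    192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Classify a set of resolver answers (whitespace separated, as dig +short
# prints them). Any private answer marks the name as reachable internally.
classify_resolution() {
  hostname="$1"
  answers="$2"
  result="public"
  for ip in $answers; do
    if is_private_ipv4 "$ip"; then
      result="private"
    fi
  done
  echo "$hostname -> $result"
}

# Constructed sample data: the hostname pattern from the question and two
# made-up resolver answers (one private, one from the TEST-NET-3 range).
RDS_HOST="database-b.xxxyyyzzz.us-west-1.rds.amazonaws.com"
SEEN_FROM_EC2="10.1.2.3"
SEEN_FROM_OUTSIDE="203.0.113.10"

classify_resolution "$RDS_HOST" "$SEEN_FROM_EC2"
classify_resolution "$RDS_HOST" "$SEEN_FROM_OUTSIDE"

# Live use on the EC2 instance in the same VPC:
#   classify_resolution "$RDS_HOST" "$(dig +short "$RDS_HOST")"
```

If the EC2 instance reports "private" while dblink from database A times out, the name is resolving differently inside the RDS instance than inside your VPC, which is exactly the symptom the question describes.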

2 Answers
1

One option might be to add an RDS proxy in your VPC and connect to it from PostgreSQL. The proxy's DNS name would always resolve to private IPs, while the host database would remain publicly accessible. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html

EXPERT
Leo K
answered 2 months ago
  • Thanks, I'll investigate this, but it does seem a bit silly to pay an extra 20+ USD per month just to get internal name resolution when the databases are otherwise connected perfectly fine 😞

0

Is the RDS database publicly accessible? If so, the DNS name will resolve to its public IPs when queried from the outside. Since you're accessing it from inside your VPC or otherwise internally via VPC peering connections, the simplest option would be to disable the "publicly accessible" option for the RDS database. That would cause its DNS name to resolve to its private IPs regardless of where the name is queried from.

EXPERT
Leo K
answered 2 months ago
  • It is publicly accessible but needs to be for other uses, so I can't disable that unfortunately. The EC2 instance successfully resolves the host name to the internal IP address though (despite it being publicly accessible), so it should be possible for the RDS instance to do the same shouldn't it?

  • The RDS database doesn't actually reside in your VPC. It lives in an AWS-owned account and VPC and only extends a network interface in your VPC, so that it becomes internally accessible. I believe the DNS queries made by the database therefore originate in the AWS-owned VPC and follow the configuration there and not the configuration of your VPCs.
