16. Juni 2023 21:54, "Francisco Olarte" <fola...@peoplecall.com> schrieb:
> Michael: > > On Fri, 16. Juni 2023 at 13:53, brainmue <brain...@weiller.eu> wrote: > >> Because with iptables or netfilter I can't forward TCP packets based on the >> DNS alias name. Or is >> that possible? > > The dns alias name does not reach the listening tcp socket, it is > mapped to the target record, then finally to the A record and this is > what is used to start the tcp connection. > >> I have the same problem with nginx. > > In nginx you cannot use the dns alias, but if you are using http the > "normal" clients send it as host when they open an url. But there is > no "host" parameter in the pg protocol. There is a dbaname, which can > be used with the adequate software, like pgbouncer, but you said you > do not like it. > > You may try to write a small program which parses the startup message > and redirects the connection based on the info there. I'm not sure why > pgbouncer has not this option, but it may be because it has a lot more > option. It does not seem to be that difficult, receive the packet, > parse it, connect to remote, send it the packet and from there on just > forward traffic blindly. Parsing startup seems quite simple, > maintaining a socket pool and forwarding is simple, you could probably > prototype that in an afternoon ( if no guru replies me "but this won't > work because .... ). > >> I just looked in the documentation again but I can't find a way to >> distinguish which cluster to >> forward to based on the DNS alias. > > As I asaid above, DNS alias is not avalilable to the listener. On any > protocol. Things like http work because the clients send the dns alias > on some place on the default usage, but you can write an http client > which sends Host: from the uri given but connects to a different IP > address. > > Francisco Olarte. Thank you for the detailed explanations. I could not have explained it but it also seemed strange to me that it should go that way. pgbouncer I will definitely look again carefully. Maybe I already have my solution with it. Regards Michael
