By using AWS re:Post, you agree to the Terms of Use
/Should a non-public RDS instance have a publicly resolvable DNS name?/

Should a non-public RDS instance have a publicly resolvable DNS name?

0

So, I spun up a RDS PostgreSQL database instance, and chose the 'Not Public' option. The instance was created with DNS name: pg-rds-db-instance-1.caqxluy95kpl.us-east-1.rds.amazonaws.com

Since this is not a public instance, I would expect that the DNS name is not publicly resolvable. However this is not the case. I can do a DNS lookup using multiple public websites such as MXTOOLBOX or https://toolbox.googleapps.com/apps/dig/#A/, and the DNS name resolves to an IP in my private subnet (172.16.4.87). This seems odd to me.

Is this expected behavior?

1 Answers
2

Yes, this is the expected behavior. Or at least this is how most AWS resources handler resolving their name.

It is seems like a security risk because a hacker seems to be able to find out information about the internal workings of your infrastructure but that is not necessarily the case.

You have to realize that the returned IP address is from private address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). These IP address ranges wil not resolve to anything when used on the internet. Pinging or tunneling to them does not work.

So the only thing exposed is something of your internal infrastructure. But you have to realize that a abuser has to know the name of the resource before he can find out the internal IP address. So the only thing you have to do is keep the name a secret as you would do with other sensitive information.

answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions