Re: host name support in pg_hba.conf

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Steve Atkins <steve(at)blighty(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>
Subject: Re: host name support in pg_hba.conf
Date: 2010-10-06 02:17:52
Message-ID: 6068.1286331472@sss.pgh.pa.us
Lists: pgsql-hackers

KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
>> Note that we already default listen_addresses to 'localhost', so it
>> would only make sense to have pg_hba.conf behave the same by default.
>> To pick up on your argument, we effectively *do* make assumptions
>> about /etc/hosts now, and this change would remove them.
>>
> Sorry, I misread something.
> I read the previous discussions again, and now I see that I misread the reason
> why Robert disagreed with this replacement. He said we should not assume
> that resolving localhost is fast enough because of the local /etc/hosts; he was
> not saying we should not assume localhost is "127.0.0.1" or "::1". Right?

> Well, in my personal opinion, we should not assume how localhost is
> resolved, but we can expect more than 99.9% of hosts to resolve localhost
> using the local /etc/hosts. Even if there is a curious setting, it will pay
> a bit more cost on connection. That is the responsibility of the DBA.

> I agree with replacing "127.0.0.1" and "::1" with "localhost".
> It makes it possible to eliminate the assumption that localhost has either of
> those addresses.

This argument is completely unfounded in reality. Please go read the
relevant RFCs. 127.0.0.1 is standardized as the IPv4 loopback address
(see RFC3330), and ::1 is standardized as the IPv6 loopback address (see
RFC1884 section 2.4.3). So far as I can find, there is *no* standard
mandating that localhost means the loopback address. RFC1537 suggests
that DNS domains "should" resolve localhost.anything as 127.0.0.1; but
that is a lot weaker than the other specifications, and there's nothing
whatever to promise that it will work in a DNS-less environment.

In fact, we have seen cases where it didn't work even with publicly
available DNS servers, e.g.
http://archives.postgresql.org/pgsql-admin/2010-05/msg00073.php

That example leads me to think that using localhost in the default
pg_hba.conf file would actually be a security hazard: you would be
placing it in the hands of your DNS provider as to which addresses
Postgres will believe are "local" connections. That's an OK decision
for individual admins to make, but it's not a good idea for us to ship
it as a universal default. (Note that relying on the DNS provider to
interpret listen_addresses is not nearly as dangerous, since in any case
the kernel isn't going to let us bind() to nonlocal addresses.)

On top of that, there's no way for your DNS server to know whether your
local kernel speaks IPv6 or not, so you might not get a resolution of
the name that includes the appropriate loopback addresses. This may or
may not have anything to do with the reports we occasionally get of
people having to change listen_addresses to "*" to get things to work.

Between these issues and the speed concern, I don't think that we should
change this.

regards, tom lane
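
An audit for the hazard described in the message above, as an added example that is not part of the original email or of PostgreSQL: it finds pg_hba.conf host records whose address field is the name localhost and checks what that name resolves to. The function names, the injectable `resolver` parameter and the sample file are assumptions made for illustration, and the field splitting ignores pg_hba.conf quoting rules.

```python
import ipaddress
import socket

HOST_TYPES = {"host", "hostssl", "hostnossl"}
KEYWORDS = {"all", "samehost", "samenet"}

def system_resolver(name):
    """Addresses the local resolver returns for name (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0].split("%")[0] for info in infos}  # drop IPv6 zone id

def hostname_entries(hba_text):
    """Yield (line_no, name) for host records whose address is a host name."""
    for line_no, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # simplification: ignores quoting
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue
        address = fields[3]
        if address in KEYWORDS:
            continue
        try:
            ipaddress.ip_network(address, strict=False)  # CIDR or bare IP
        except ValueError:
            yield line_no, address

def audit_localhost(hba_text, resolver=system_resolver):
    """Flag "localhost" entries whose resolution is not exactly loopback."""
    findings = []
    for line_no, name in hostname_entries(hba_text):
        if name.lower() != "localhost":
            continue
        got = {ipaddress.ip_address(a) for a in resolver(name)}
        stray = sorted(str(a) for a in got if not a.is_loopback)
        missing = [lo for lo in ("127.0.0.1", "::1")
                   if ipaddress.ip_address(lo) not in got]
        if stray or missing:
            findings.append({"line": line_no, "non_loopback": stray,
                             "missing_loopback": missing})
    return findings

# Constructed sample pg_hba.conf, not a shipped default.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 trust
host    all       all   127.0.0.1/32  trust
host    all       all   localhost     trust
"""
```

A non-empty `non_loopback` list means the resolver, not the administrator, is deciding which peers match the rule; a `missing_loopback` entry for `::1` is expected on a host without IPv6 and otherwise indicates the incomplete resolution the message mentions.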
