Re: Why don't we allow DNS names in pg_hba.conf?

On Sun, 1 Jan 2006, Tom Lane wrote:

> I was reminded of $subject by
> http://archives.postgresql.org/pgsql-admin/2006-01/msg00002.php
>
> While I haven't tried it, I suspect that allowing a DNS host name
> would take little work (basically removing the AI_NUMERICHOST flag
> passed to getaddrinfo in hba.c). There was once a good reason not
> to allow it: slow DNS lookups would lock up the postmaster. But
> now that we do this work in an already-forked backend, with an overall
> timeout that would catch any indefinite blockage, I don't see a good
> reason why we shouldn't let people use DNS names.
>
> Thoughts?

Security?

Employee adds his DNS to pg_hba.conf, becomes disgruntled employee, moves
to different IP and same name, and can still access your database?

What about "DNS hijacking/forging"? I don't know how hard it is to do,
but if one of the upstream network provides puts in a 'filter' for port 53
(DNS) and starts feeding you incorrect data, so that they can access your
databases?

Both are relatively extreme, and in both bases, the 'attacker' would have
to have previous knowledge (ie. disgruntled ex employee) but DNS !=
trusted IP ... then again, it may be possible to hijack/forge the IP
itself, in which case, there is no difference ...

----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy(at)hub(dot)org Yahoo!: yscrappy ICQ: 7615664