Re: Why don't we allow DNS names in pg_hba.conf?

Yes, it would be good to implement this. A warning about security and
(possible) slow connections due to name resolution issues should be placed in
the docs.
Regards

paolo

elein <elein(at)varlena(dot)com> ha scritto

> I also support this change. My clients have tended to move
> machines and networks around a lot as well as move databases from machine
> to machine. It would be nice to let the network gurus concentrate
> on getting the dns servers up and correct and leverage that
> work instead of having to change pg_hba.conf when these changes
> occur.
>
> elein
> elein(at)varlena(dot)com
>
> On Sun, Jan 01, 2006 at 01:30:46PM -0500, Tom Lane wrote:
> > I was reminded of $subject by
> > http://archives.postgresql.org/pgsql-admin/2006-01/msg00002.php
> >
> > While I haven't tried it, I suspect that allowing a DNS host name
> > would take little work (basically removing the AI_NUMERICHOST flag
> > passed to getaddrinfo in hba.c). There was once a good reason not
> > to allow it: slow DNS lookups would lock up the postmaster. But
> > now that we do this work in an already-forked backend, with an overall
> > timeout that would catch any indefinite blockage, I don't see a good
> > reason why we shouldn't let people use DNS names.
> >
> > Thoughts?
> >
> > regards, tom lane
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 9: In versions below 8.0, the planner will ignore your desire to
> > choose an index scan if your joining column's datatypes do not
> > match
> >
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq
>