Re: Why don't we allow DNS names in pg_hba.conf?

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Mark Woodward <pgsql(at)mohawksoft(dot)com>
Cc: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, mark(at)mark(dot)mielke(dot)cc, Euler Taveira de Oliveira <eulerto(at)yahoo(dot)com(dot)br>, "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>, Andreas Pflug <pgadmin(at)pse-consulting(dot)de>, "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Why don't we allow DNS names in pg_hba.conf?
Date: 2006-02-13 15:30:39
Message-ID: 43F0A61F.7000503@dunslane.net
Lists: pgsql-hackers

Mark Woodward wrote:

>>Mark Woodward wrote:
>>
>>>>Added to TODO:
>>>>
>>>> o Allow pg_hba.conf to specify host names along with IP addresses
>>>>
>>>> Host name lookup could occur when the postmaster reads the
>>>> pg_hba.conf file, or when the backend starts. Another
>>>> solution would be to reverse lookup the connection IP and
>>>> check that hostname against the host names in pg_hba.conf.
>>>> We could also then check that the host name maps to the IP
>>>> address.
>>>>
>>>I'm not so sure you need to be paranoid about it. The scenario is, at
>>>startup or HUP, names are looked up and stored as IP addresses. Then hba
>>>works as it is supposed to.
>>>
>>If you do it like that you destroy the only real use case I can see for
>>this that has much value, namely to handle cases where the address can
>>change dynamically.
>
>How "dynamically" are you talking about?
>
>If you are using a DNS server, what is your TTL on the records? A simple
>-HUP once every half hour is more than sufficient. If you are using ssh to
>update the hosts file, adding a simple -HUP to the script is not a big
>deal.
>

If I am a road warrior I want to be able to connect, run my dynamic dns
client, and go.

HUPing the postmaster every 30 minutes sounds horrible, and won't work
for what strikes me as the scenario that needs this most. And we surely
aren't going to build TTL logic into postgres.

I repeat - let's do this the simple way.

cheers

andrew
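
The two lookup strategies debated in this thread, as an added example that is not part of the original message or of PostgreSQL: resolving names once at startup/HUP versus reverse lookup plus forward confirmation at connection time. The host name, addresses and in-memory DNS tables are constructed, and the function names are hypothetical.

```python
# Added illustration, not PostgreSQL code; names and DNS records are constructed.

def resolve_at_reload(allowed_names, a_records):
    """Startup/HUP strategy: names are looked up once and stored as IPs."""
    return {ip for name in allowed_names for ip in a_records.get(name, ())}

def permits_cached(client_ip, cached_ips):
    return client_ip in cached_ips

def permits_at_connect(client_ip, allowed_names, a_records, ptr_records,
                       confirm_forward=True):
    """Connection-time strategy: reverse lookup, then forward confirmation."""
    name = ptr_records.get(client_ip)
    if name is None or name not in allowed_names:
        return False
    if not confirm_forward:
        return True  # trusts the PTR record alone
    # PTR data is published by whoever controls the address block, so the
    # claimed name must also map back to the connecting address.
    return client_ip in a_records.get(name, ())

def scenario():
    allowed = {"laptop.example.org"}            # hypothetical pg_hba.conf host entry
    a = {"laptop.example.org": {"192.0.2.10"}}  # constructed A records
    cached = resolve_at_reload(allowed, a)

    # The dynamic DNS client moves the name to a new address.
    a["laptop.example.org"] = {"198.51.100.7"}
    ptr = {
        "198.51.100.7": "laptop.example.org",
        # Unrelated address whose PTR record claims the allowed name.
        "203.0.113.99": "laptop.example.org",
    }
    return {
        "cached_new_ip": permits_cached("198.51.100.7", cached),
        "cached_old_ip": permits_cached("192.0.2.10", cached),
        "cached_after_hup": permits_cached("198.51.100.7", resolve_at_reload(allowed, a)),
        "connect_new_ip": permits_at_connect("198.51.100.7", allowed, a, ptr),
        "connect_old_ip": permits_at_connect("192.0.2.10", allowed, a, ptr),
        "ptr_only_foreign": permits_at_connect("203.0.113.99", allowed, a, ptr,
                                               confirm_forward=False),
        "confirmed_foreign": permits_at_connect("203.0.113.99", allowed, a, ptr),
    }

if __name__ == "__main__":
    for check, allowed in scenario().items():
        print(f"{check}: {allowed}")
```

Under the reload strategy the previous address stays authorised and the new one is refused until the next HUP, while the connection-time check follows the record as soon as it changes and rejects a PTR claim that the forward lookup does not confirm.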
