Quick Links

Re: Are dns CNAME's allowed or useable in pg_hba.conf hostname specification

From:	Scott Whitney <scott(at)journyx(dot)com>
To:	"dennisr(at)visi(dot)com" <dennisr(at)visi(dot)com>, "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org>
Subject:	Re: Are dns CNAME's allowed or useable in pg_hba.conf hostname specification
Date:	2016-12-05 21:56:40
Message-ID:	BY1PR11MB0390734F0F24454DE44844CFA7830@BY1PR11MB0390.namprd11.prod.outlook.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin

Honestly, if your DNS is properly setup, it should work fine, yes.

________________________________
From: pgsql-admin-owner(at)postgresql(dot)org <pgsql-admin-owner(at)postgresql(dot)org> on behalf of dennisr(at)visi(dot)com <dennisr(at)visi(dot)com>
Sent: Monday, December 5, 2016 3:49 PM
To: pgsql-admin(at)postgresql(dot)org
Subject: [ADMIN] Are dns CNAME's allowed or useable in pg_hba.conf hostname specification

From reading the doc's it looks like a CNAME will not in general work as a hostname specification in pg_hba.conf. Is that a correct interpretation of the the documentation?

From the doc's (https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html

If a host name is specified (anything that is not an IP address range or a special key word is treated as a host name), that name is compared with the result of a reverse name resolution of the client's IP address (e.g., reverse DNS lookup, if DNS is used). Host name comparisons are case insensitive. If there is a match, then a forward name resolution (e.g., forward DNS lookup) is performed on the host name to check whether any of the addresses it resolves to are equal to the client's IP address. If both directions match, then the entry is considered to match. (The host name that is used in pg_hba.conf should be the one that address-to-name resolution of the client's IP address returns, otherwise the line won't be matched. Some host name databases allow associating an IP address with multiple host names, but the operating system will only return one host name when asked to resolve an IP address.)

--
Sent via pgsql-admin mailing list (pgsql-admin(at)postgresql(dot)org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

Journyx, Inc.
7600 Burnet Road #300
Austin, TX 78757
www.journyx.com

p 512.834.8888
f 512-834-8858

Do you receive our promotional emails? You can subscribe or unsubscribe to those emails at http://go.journyx.com/emailPreference/e/4932/714/

In response to

Are dns CNAME's allowed or useable in pg_hba.conf hostname specification at 2016-12-05 21:49:26 from dennisr@visi.com

Responses

Re: Are dns CNAME's allowed or useable in pg_hba.conf hostname specification at 2016-12-05 22:39:17 from David G. Johnston
Re: Are dns CNAME's allowed or useable in pg_hba.conf hostname specification at 2016-12-05 23:05:59 from dennisr@visi.com

Browse pgsql-admin by date

	From	Date	Subject
Next Message	David G. Johnston	2016-12-05 22:39:17	Re: Are dns CNAME's allowed or useable in pg_hba.conf hostname specification
Previous Message	dennisr@visi.com	2016-12-05 21:49:26	Are dns CNAME's allowed or useable in pg_hba.conf hostname specification