From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
---|---|
To: | "dennisr(at)visi(dot)com" <dennisr(at)visi(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-admin(at)postgresql(dot)org, Scott Whitney <scott(at)journyx(dot)com> |
Subject: | Re: Are dns CNAME's allowed or useable in pg_hba.conf hostname specification |
Date: | 2016-12-08 13:55:20 |
Message-ID: | f8435582-03ec-88ed-a67a-ef707b527e34@2ndquadrant.com |
Lists: | pgsql-admin |
On 12/5/16 7:09 PM, dennisr(at)visi(dot)com wrote:
> My preference is to use a network address for this stuff but I was overruled and needed to use a host specific name or address in the config file. I wanted to use a CNAME in place of the A or PTR records so that in the event we ever have to rebuild a new WAL receiver, I would only need to repoint the CNAME in the DNS system and avoid the possibility of updating a few hundred pg_hba.conf’s with a new IP address or hostname (this is a private cloud environment I am working with so I don’t have a lot of control over hostnames of the nodes they give me or even the networks the node is placed in.)
Note that the IP addresses in pg_hba.conf are not really by themselves a
primary security measure, because the source IP addresses in the same
network are (potentially) under control of the source host. Their
purpose is rather to allow different classes of hosts to use different
authentication mechanisms. For example, newer hosts might use SSL,
older hosts passwords.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
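
An added example (not part of the original message and not PostgreSQL project code): a short Python check over a constructed pg_hba.conf that lists which authentication method each address class is given and flags rules using `trust`, where the address match ends up being the only check. The sample hostnames, networks, role name and the helper function names are assumptions made for illustration.

```python
import ipaddress

# Constructed pg_hba.conf sample (hostname, networks and role name are made up).
SAMPLE_HBA = """\
# TYPE   DATABASE     USER        ADDRESS                    METHOD
local    all          postgres                               peer
hostssl  replication  replicator  walrecv.example.internal   cert
hostssl  all          all         10.20.0.0/16               md5
host     all          all         10.30.0.0 255.255.0.0      password
host     all          all         10.40.5.17/32              trust
"""

# "trust" accepts the connection unconditionally, so for such a rule the
# ADDRESS column is the only thing deciding who gets in.
ADDRESS_ONLY_METHODS = {"trust"}


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_hba(text):
    """Return one dict per rule: type, database, user, address, method."""
    rules = []
    for raw in text.splitlines():
        # Simplification: treats every '#' as a comment start (no quoted values).
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        rule = {"type": fields[0], "database": fields[1], "user": fields[2]}
        rest = fields[3:]
        rule["address"] = None
        if rule["type"] != "local":
            rule["address"] = rest.pop(0)
            if _is_ip(rest[0]):  # "IP-address IP-mask" form uses two columns
                rule["address"] += " " + rest.pop(0)
        rule["method"] = rest[0]
        rules.append(rule)
    return rules


def address_only_rules(rules):
    """Network rules where matching the address is the whole check."""
    return [r for r in rules
            if r["type"] != "local" and r["method"] in ADDRESS_ONLY_METHODS]


def methods_by_address(rules):
    """Map each address class to the (connection type, auth method) it gets."""
    return {r["address"]: (r["type"], r["method"]) for r in rules if r["address"]}
```
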