Re: TCP/IP with 7.4 beta2 broken?

Bruce Momjian wrote:

>Andrew Dunstan wrote:
>  
>
>>We currently have this in the default pg_hba.conf file:
>>
>>  host all all 127.0.0.1 255.255.255.255 trust
>>
>>The idea was to have something which would perform equivalently on IP4 
>>only, IP4 over IP6 and pure IP6 connections, without breaking the 
>>postmaster host in any of them.
>>
>>It is perfectly true that it could be mangled by the administrator - 
>>this would save him/her having to do so for the default case. In my 
>>proposal you would replace this default line with:
>>
>>  loopback all all trust
>>
>>It's the fact that it is the default that makes it special. Does that 
>>make things clearer?
>>    
>>
>
>We have avoided doing dns lookups from pg_hba.conf, and hence the use of
>127.0.0.1 instead of localhost.  Now that we cache pg_hba.conf, we could
>consider allowing hostnames in pg_hba.conf.  Is that a TODO?
>
>As for the IPv6 issue --- how prevalent is this problem.  What OS
>versions are affected?  Has the user done something special to enable
>this?
>
>  
>
These are orthogonal issues. What I have suggested above would work 
purely at the address level, without any name lookup.

Systems (e.g. SUSE) are shipping with IP6 turned on by default - that's 
how this came up in the first place.

DNS lookups were discussed back in May, but there didn't seem to be a 
nice way to do it in conjunction with netmasks, so I didn't proceed with 
it after I did CIDR masks.

If someone can suggest good semantics and there is demand for it I can 
look at it again (or someone else can).

cheers

andrew