Re: host name support in pg_hba.conf

Peter Eisentraut <peter_e@gmx.net> wrote:
> Yeah, you can configure all kinds of nonsense and sometimes even
> get away with it, but the basic assumption throughout is that a
> system has one host name and between 1 and many IP addresses.
It's hardly nonsense to have multiple names on a machine.  While we
usually avoid having multiple reverse lookup names, we have many
in-house web applications and we neither want users to access them
by IP address or have to worry about which web server is hosting
which applications at the moment.  So it's not unusual for one of
our web servers to have 10 or 15 DNS names for forward lookup.  If
one machine becomes overloaded, we can move an application, change
the DNS, and everyone's bookmark still works.  This is precisely the
sort of situation where using a hostname in pg_hba.conf would be
most useful.
> We must make our implementation robust again other setups, but we
> don't have to (or rather cannot) support them.
Without the logic to ensure that the hostname matches the reverse
lookup, this might be useful for us.  With that logic it is useless
for us.  I'm wondering how much you gain by having it in there.  Why
can't a forward lookup which matches the requesting IP be considered
sufficient?
-Kevin