Home > mailing lists

Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses - Mailing list pgsql-hackers

From	Andreas 'ads' Scherbaum
Subject	Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses
Date	June 15, 2008 17:22:39
Msg-id	20080615192308.7bc64ea5@iridium.wars-nicht.de Whole thread Raw
In response to	Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses (Alvaro Herrera <alvherre@commandprompt.com>)
List	pgsql-hackers

Tree view

On Fri, 13 Jun 2008 16:14:13 -0400 Alvaro Herrera wrote:

> Andrew Sullivan wrote:
> 
> > This is because DNS RRs have a TTL on them, so looking up the host at
> > any moment other than when you're actually doing the authentication is
> > prone to error.
> 
> Perhaps the solution to this problem is to do the lookups and store the
> TTL of each answer.  At the time of actually checking you need only get
> a new answer for those that expired.

That's too much overhead in the postmaster.
A better way would be some documentation how one can improve the DNS
performance, like using an external DNS cache ect.

I would also like to see a note that the DNS lookup could seriously
slow down the authentication process.

Kind regards

--             Andreas 'ads' Scherbaum
German PostgreSQL User Group

pgsql-hackers by date:

From: Tom Lane
Date: 15 June 2008, 03:09:55
Subject: Re: SSL configure patch

From: Alvaro Herrera
Date: 15 June 2008, 19:44:00
Subject: Re: typedefs for indent

Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses - Mailing list pgsql-hackers

Previous

Next