On Tue, Aug 14, 2018 at 03:18:32PM -0400, Garick Hamlin wrote:
> On Tue, Aug 14, 2018 at 12:24:32PM +0200, Fabien COELHO wrote:
> > I read the rational of the host/hostaddr artificial mapping. I cannot say
> > I'm thrilled with the result: I do not really see a setting where avoiding a
> > DNS query is required but which still needs a hostname for auth... If you
> > have GSSAPI or SSPI then you have an underlying network, in which a dns
> > query should be fine.
>
> FWIW, I think this is useful even it will be uncommon to use. I run
> some HA services here and I find I use this kind of functionality all
> the time to test if a standby node functioning properly. openssh
> GSSAPIServerIdentity does this. curl does this via '--resolve'. In
> both cases one can check the name authenticates properly via TLS or
> GSSAPI while connecting to an IP that is not production.
+1
curl's --resolve is a fantastic diagnostic tool. I wish it also allowed
changing the destination port as well.
While I'm at it, I strongly prefer using postgresql: URIs to any other
way to specify connect info, and I think PG should do more to encourage
their use -- perhaps even deprecating the alternatives.
Nico
--
