On Fri, Jun 13, 2008 at 4:30 PM, Tom Lane <[EMAIL PROTECTED]> wrote: > Andrew Dunstan <[EMAIL PROTECTED]> writes: >> The reason it wasn't done years ago was that there was disagreement on >> the way it should work. And the TODO actually lists several alternatives: > > IIRC, the major reason there was disagreement was the prospect of > unacceptable performance from any of the easy or obvious > implementations. As Andrew S notes, you can't just do the lookups > once at postmaster start; but resolving a pile of hostnames during > each connection is pretty unpleasant, especially if the DNS server > isn't local. (And then there are the effective-DOS implications if > the DNS server is down altogether.)
Yes, if DNS server is down during a init connection, or server startup, we can have problems. > The attraction of the reverse-lookup approach is that you do only > one lookup, on the actual connection IP, rather than having to > resolve every hostname in the file to see if it matches. SSH uses an approach like that. > However that way had disadvantages of its own, which I don't recall at the > moment. I think at least some of the issues had to do with security, > ie how much can you trust an answer from a remote DNS server. > Check the archives before you start implementing ... I'm seeing alternatives and studing the code and the email replies, but not start coding yet. Thanks Tom. -- []s Dickson S. Guedes ------------------------------------- Projeto Colmeia - Curitiba - PR (41) 3254-7130 ramal: 27 http://makeall.wordpress.com/ http://pgcon.postgresql.org.br/ http://planeta.postgresql.org.br/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers