david

Reputation: 6805

Allowing hostname access in pg_hba.conf, won't work unless I also add the resolved ip address?

I want to allow postgres access from a hostname rather than an IP. I added access from the hostname to my pg_hba.conf, but when looking at the error log it appears that DNS resolves this hostname to an IP, and connections from this IP are not allowed unless I explicitly allow access. This defeats the whole purpose of using the hostname, as hostnames for my services will NEVER change, whereas the IP addresses can change daily.

What is the solution to this problem? Maybe my conf is just incorrect?

error:

test@test FATAL:  no pg_hba.conf entry for host "10.81.128.90", user "test", database "test", SSL on[1]:
test@test DETAIL:  Client IP address resolved to "cannablrv2-locationserver-1.kontena.local", forward lookup not checked.

shell script that adds access to pg_hba.conf

# Restrict subnet to docker private network
echo "host    all             all             172.17.0.0/16               md5" >> /etc/postgresql/9.5/main/pg_hba.conf

# Allow access from locationserver
echo "host    all             all             cannablrv2-locationserver.test.kontena.local               md5" >> /etc/postgresql/9.5/main/pg_hba.conf

# And allow access from DockerToolbox / Boottodocker on OSX
echo "host    all             all             192.168.0.0/16               md5" >> /etc/postgresql/9.5/main/pg_hba.conf

# Listen on all ip addresses
echo "listen_addresses = '*'" >> /etc/postgresql/9.5/main/postgresql.conf
echo "port = 5432" >> /etc/postgresql/9.5/main/postgresql.conf

Upvotes: 5

Views: 7940

Answers (2)

Binita Bharati

Reputation: 5908

This answer assumes that you are using a DNS server for hostname resolution. According to https://www.postgresql.org/docs/current/auth-pg-hba-conf.html, if a hostname is provided, then a reverse DNS lookup will be performed with that IP. In your case, the reverse DNS lookup of IP 10.81.128.90 is resolving to cannablrv2-locationserver-1.kontena.local instead of cannablrv2-locationserver.test.kontena.local, which you have provided in your pg_hba.conf. Also, both the reverse and the forward DNS lookup must give the expected results.

Upvotes: 1

Laurenz Albe

Reputation: 247665

You see that the client IP address resolves to a different name than the one you entered in pg_hba.conf, which is why the connection fails.

Did you read the documentation? It explains in detail how host names are handled.

You might get away with using .kontena.local to match name suffixes.

Upvotes: 5
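Both answers turn on the same mechanism: for a hostname entry, PostgreSQL reverse-resolves the client IP, compares the resulting name with the entry (exact, or suffix when the entry starts with a dot), and only then does a forward lookup that must return the client IP. The following is an added example, not code from either answer or from PostgreSQL; it simulates that matching order over the rules from the question with constructed DNS tables (the real server asks the system resolver), and simplifies user/database matching to "all" or an exact name.

```python
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Constructed DNS answers standing in for the resolver. The entry for
# 10.81.128.99 is a constructed case whose PTR record does not resolve back
# to the client address, which is what the forward check is there to catch.
REVERSE_DNS: Dict[str, str] = {
    "10.81.128.90": "cannablrv2-locationserver-1.kontena.local",
    "10.81.128.99": "mismatch.kontena.local",
}
FORWARD_DNS: Dict[str, Set[str]] = {
    "cannablrv2-locationserver-1.kontena.local": {"10.81.128.90"},
    "cannablrv2-locationserver.test.kontena.local": {"10.81.128.91"},
    "mismatch.kontena.local": {"10.81.128.1"},
}


def hostname_matches(entry_host: str, client_ip: str,
                     reverse: Dict[str, str] = REVERSE_DNS,
                     forward: Dict[str, Set[str]] = FORWARD_DNS) -> Tuple[bool, str]:
    """Apply the documented order: reverse lookup, name compare, forward lookup."""
    name = reverse.get(client_ip)
    if name is None:
        return False, "no reverse DNS record for client IP"
    if entry_host.startswith("."):
        # A leading dot means "match this suffix of the resolved host name".
        matched = name.lower().endswith(entry_host.lower())
    else:
        matched = name.lower() == entry_host.lower()
    if not matched:
        # Same situation as the DETAIL line in the question's error log.
        return False, f'client IP resolved to "{name}", forward lookup not checked'
    if client_ip not in forward.get(name, set()):
        return False, f'forward lookup of "{name}" did not return {client_ip}'
    return True, f'"{name}" matched {entry_host} and resolved back to {client_ip}'


def address_matches(entry: str, client_ip: str) -> bool:
    """CIDR or single-address entries: plain network containment, no DNS."""
    net = ipaddress.ip_network(entry, strict=False)
    return ipaddress.ip_address(client_ip) in net


def entry_matches(entry: str, client_ip: str) -> Tuple[bool, str]:
    """Decide whether the address field is an IP/CIDR or a hostname and match it."""
    try:
        return address_matches(entry, client_ip), "address match"
    except ValueError:
        return hostname_matches(entry, client_ip)


def parse_pg_hba(text: str) -> List[Dict[str, str]]:
    """Minimal parser for 'host*' lines: type, database, user, address, method."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0].startswith("host") and len(fields) >= 5:
            rules.append(dict(zip(("type", "database", "user", "address", "method"), fields)))
    return rules


def first_matching_rule(rules: List[Dict[str, str]], client_ip: str,
                        user: str, database: str) -> Optional[Dict[str, str]]:
    """pg_hba.conf is first-match-wins; return the rule that would apply, if any."""
    for rule in rules:
        if rule["database"] not in ("all", database) or rule["user"] not in ("all", user):
            continue
        ok, _ = entry_matches(rule["address"], client_ip)
        if ok:
            return rule
    return None


# The three host lines the question's script appends, as constructed input.
SAMPLE_PG_HBA = """
host    all             all             172.17.0.0/16                                  md5
host    all             all             cannablrv2-locationserver.test.kontena.local   md5
host    all             all             192.168.0.0/16                                 md5
"""

if __name__ == "__main__":
    rules = parse_pg_hba(SAMPLE_PG_HBA)
    for ip in ("10.81.128.90", "172.17.0.5"):
        print(ip, "->", first_matching_rule(rules, ip, "test", "test"))
    print(hostname_matches(".kontena.local", "10.81.128.90"))
    print(hostname_matches(".kontena.local", "10.81.128.99"))
```

Running it with the question's rules and client 10.81.128.90 yields no matching rule, because the reverse name differs from the exact hostname in the file. Replacing that entry with the suffix form `.kontena.local` matches, while the constructed 10.81.128.99 client still fails at the forward check, which is the step that keeps a misleading PTR record from granting access.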
