Tom Lane wrote:
> Alvaro Herrera <alvherre@commandprompt.com> writes:
>
>> Perhaps the solution to this problem is to do the lookups and store the
>> TTL of each answer. At the time of actually checking you need only get
>> a new answer for those that expired.
>>
>
> This is not behavior we'd want to put into the postmaster, though,
> and it's hard to see how to manage it otherwise. (Well, maybe a new
> postmaster child process just for this, but I find it hard to believe
> the feature is worth that.)
>
>
>
Indeed.
The only circumstance in which this feature should be used is probably
where you have control over the zones involved. For remote connections
I'd far rather have an open address specification and require SSL with
client side certs.
The potential for self-inflicted pain from this feature does worry me a bit.
cheers
andrew