From reading the doc’s it looks like a CNAME will not in general work as a hostname specification in pg_hba.conf. Is
thata correct interpretation of the the documentation?
From the doc’s (https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
If a host name is specified (anything that is not an IP address range or a special key word is treated as a host name),
thatname is compared with the result of a reverse name resolution of the client's IP address (e.g., reverse DNS lookup,
ifDNS is used). Host name comparisons are case insensitive. If there is a match, then a forward name resolution (e.g.,
forwardDNS lookup) is performed on the host name to check whether any of the addresses it resolves to are equal to the
client'sIP address. If both directions match, then the entry is considered to match. (The host name that is used in
pg_hba.confshould be the one that address-to-name resolution of the client's IP address returns, otherwise the line
won'tbe matched. Some host name databases allow associating an IP address with multiple host names, but the operating
systemwill only return one host name when asked to resolve an IP address.)