Using host names in `pg_hba.conf`?

According to the PostgreSQL documentation:


A host name specification that starts with a dot (.) matches a suffix
of the actual host name. So .example.com would match foo.example.com
(but not just example.com).

So I put this line in pg_hba.conf and restarted PostgreSQL:

hostssl market_data market_data_access .horsholm.dk md5

Then I attempt to connect to the database:

psql "postgresql://market_data_access@:5433/market_data?sslmode=require"

Instead of a password prompt, I get this:

psql: FATAL:  no pg_hba.conf entry for host "195.249.206.131", user "market_data_access", database "market_data", SSL on

Just to check, I make reverse DNS look-up of the IP address listed in the error message:

$ host 195.249.206.131
131.206.249.195.in-addr.arpa is an alias for 131.129-190.206.249.195.in-addr.arpa.
131.129-190.206.249.195.in-addr.arpa domain name pointer kommune.horsholm.dk.
$

What am I doing wrong?

It's not sufficient that 195.249.206.131 resolves to kommune.horsholm.dk that matches the wildcard.

After checking that, Postgres will try to resolve kommune.horsholm.dk and find that it doesn't resolve to 195.249.206.131 (as it doesn't resolve
at all in this particular case)

$ host kommune.horsholm.dk
Host kommune.horsholm.dk not found: 3(NXDOMAIN)

Doc quote:


If a host name is specified (anything that is not an IP address range
or a special key word is treated as a host name), that name is
compared with the result of a reverse name resolution of the client's
IP address (e.g., reverse DNS lookup, if DNS is used). Host name
comparisons are case insensitive. If there is a match, then a forward
name resolution (e.g., forward DNS lookup) is performed on the host
name to check whether any of the addresses it resolves to are equal to
the client's IP address. If both directions match, then the entry is
considered to match

StackExchange Database Administrators Q#212020, answer score: 9