jdMorgan - 1:35 pm on Jul 12, 2011 (gmt 0)
To answer the original question, there is a configuration setting at the server level which enables/disables the ability to do the reverse-DNS lookups required to "deny by hostname." If this setting is disabled, then rDNS lookups will never be performed, and the "Remote_Host" environment variable will always be identical to the Remote_Addr variable. In other words, Remote_Host will contain the remote host's IP address, and not its hostname, so you'll be trying to compare "example.ru" to an IP address, and it won't ever match.
rDNS lookups require that your server make one outgoing DNS lookup request for each incoming "user" http request. If this rDNS connection/lookup is slow or if it fails, then the user's request will also be slow or fail. That's why -- as wilderness stated above -- access control by IP is so much more efficient and faster than access control by hostname. Of course, if you really need access control by hostname, that may be of only secondary concern...
Another issue to be aware of is that if you enable rDNS lookups and use them in your .htaccess or config code, then you may find that your raw server logs suddenly "switch formats" and start showing hostnames for all requests. This is because many servers are set up to log hostnames if available, and by enabling and using hostname lookups, you've made those hostnames available for logging. You may or may not like seeing hostnames in your logs files -- personally, I prefer seeing either only the IP address or *both* the IP address and the hostname. However, if you enable rDNS on the server, then you won't have that choice unless you also have server config-level access, and can go change the logging format template so that IP addresses are always logged instead of/in addition to hostnames. See Apache mod_log_config %h versus %a tokens for more info.