Thread
-
Re: [PATCH] libpq: try all addresses for a host before moving to next on target_session_attrs mismatch
Jacob Champion <jacob.champion@enterprisedb.com> — 2026-05-12T20:15:12Z
On Thu, Mar 12, 2026 at 9:01 AM Alastair Turner <minion@decodable.me> wrote: > Administering A records with multiple IP addresses is also a simpler, flat process. I agree, but I'm arguing that this architectural simplicity is also architecturally unsound. > I'd say that the boundary has moved - from "find me an endpoint from this list of hosts with these characteristics" to "find me an endpoint from this list of IPs with these characteristics" - rather than that they've become tangled. "Connect me to this list of addresses as fast as possible" still sounds like a good place to be. I'm uncomfortable redefining "host" in our code as a bag of arbitrary unrelated IP addresses. Here are some similar feature requests, adjusted to be more obviously problematic IMO, which should hopefully give you heartburn. - "I want libpq to try the next IP address if I try to connect to example.net and it gives me a certificate for evil.example.com." - "Ditto, if the certificate chain I'm served is completely invalid." - "Ditto, if the server cert is valid but it doesn't speak the postgresql ALPN." These are all indications that something is dangerously wrong with the entire *host*, and I think we should not continue in any of those cases. --Jacob