Thread

  1. Re: [PATCH] libpq: try all addresses for a host before moving to next on target_session_attrs mismatch

    Jacob Champion <jacob.champion@enterprisedb.com> — 2026-05-12T20:15:12Z

    On Thu, Mar 12, 2026 at 9:01 AM Alastair Turner <minion@decodable.me> wrote:
    > Administering A records with multiple IP addresses is also a simpler, flat process.
    
    I agree, but I'm arguing that this architectural simplicity is also
    architecturally unsound.
    
    > I'd say that the boundary has moved - from "find me an endpoint from this list of hosts with these characteristics" to "find me an endpoint from this list of IPs with these characteristics" - rather than that they've become tangled. "Connect me to this list of addresses as fast as possible" still sounds like a good place to be.
    
    I'm uncomfortable redefining "host" in our code as a bag of arbitrary
    unrelated IP addresses.
    
    Here are some similar feature requests, adjusted to be more obviously
    problematic IMO, which should hopefully give you heartburn.
    
    - "I want libpq to try the next IP address if I try to connect to
    example.net and it gives me a certificate for evil.example.com."
    - "Ditto, if the certificate chain I'm served is completely invalid."
    - "Ditto, if the server cert is valid but it doesn't speak the postgresql ALPN."
    
    These are all indications that something is dangerously wrong with the
    entire *host*, and I think we should not continue in any of those
    cases.
    
    --Jacob