Re: [PATCH] libpq: try all addresses for a host before moving to next on target_session_attrs mismatch

On Thu, Mar 12, 2026 at 9:01 AM Alastair Turner <minion(at)decodable(dot)me> wrote:
> Administering A records with multiple IP addresses is also a simpler, flat process.

I agree, but I'm arguing that this architectural simplicity is also
architecturally unsound.

> I'd say that the boundary has moved - from "find me an endpoint from this list of hosts with these characteristics" to "find me an endpoint from this list of IPs with these characteristics" - rather than that they've become tangled. "Connect me to this list of addresses as fast as possible" still sounds like a good place to be.

I'm uncomfortable redefining "host" in our code as a bag of arbitrary
unrelated IP addresses.

Here are some similar feature requests, adjusted to be more obviously
problematic IMO, which should hopefully give you heartburn.

- "I want libpq to try the next IP address if I try to connect to
example.net and it gives me a certificate for evil.example.com."
- "Ditto, if the certificate chain I'm served is completely invalid."
- "Ditto, if the server cert is valid but it doesn't speak the postgresql ALPN."

These are all indications that something is dangerously wrong with the
entire *host*, and I think we should not continue in any of those
cases.

--Jacob