Re: libpq should not look up all host addresses at once - Mailing list pgsql-hackers

From Nico Williams
Subject Re: libpq should not look up all host addresses at once
Date
Msg-id 20180814201802.GE30604@localhost
Whole thread Raw
In response to Re: libpq should not look up all host addresses at once  (Garick Hamlin <ghamlin@isc.upenn.edu>)
List pgsql-hackers
On Tue, Aug 14, 2018 at 03:18:32PM -0400, Garick Hamlin wrote:
> On Tue, Aug 14, 2018 at 12:24:32PM +0200, Fabien COELHO wrote:
> > I read the rational of the host/hostaddr artificial mapping. I cannot say
> > I'm thrilled with the result: I do not really see a setting where avoiding a
> > DNS query is required but which still needs a hostname for auth... If you
> > have GSSAPI or SSPI then you have an underlying network, in which a dns
> > query should be fine.
> 
> FWIW, I think this is useful even it will be uncommon to use.  I run
> some HA services here and I find I use this kind of functionality all
> the time to test if a standby node functioning properly.  openssh 
> GSSAPIServerIdentity does this.  curl does this via '--resolve'.  In
> both cases one can check the name authenticates properly via TLS or
> GSSAPI while connecting to an IP that is not production.  

+1

curl's --resolve is a fantastic diagnostic tool.  I wish it also allowed
changing the destination port as well.

While I'm at it, I strongly prefer using postgresql: URIs to any other
way to specify connect info, and I think PG should do more to encourage
their use -- perhaps even deprecating the alternatives.

Nico
-- 


pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: Pre-v11 appearances of the word "procedure" in v11 docs
Next
From: Robert Haas
Date:
Subject: Re: Facility for detecting insecure object naming