Ismael Thank you for responding.
KIP-235 modified ClientUtils#parseAndValidateAddresses [1] to resolve an address alias (i.e. bootstrap server) into multiple addresses. This is why it would break SSL hostname verification when the bootstrap server is an IP address, i.e. it will resolve the IP address to an FQDN and use that FQDN in the SSL handshake. However, what I am proposing is to modify ClientUtils#resolve [2], which is only used in ClusterConnectionStates#currentAddress [3], to get the resolved InetAddress of the address to connect to. And ClusterConnectionStates#currentAddress is only used by NetworkClient#initiateConnect [4] to create InetSocketAddress to establish the socket connection to the broker. Therefore, as far as I know, this change will not affect higher level protocol like SSL or SASL. PR coming after this. Thanks Badai [1] https://github.com/apache/kafka/blob/2.5.0/clients/src/main/java/org/apache/kafka/clients/ClientUtils.java#L51 [2] https://github.com/apache/kafka/blob/2.5.0/clients/src/main/java/org/apache/kafka/clients/ClientUtils.java#L111 [3] https://github.com/apache/kafka/blob/2.5.0/clients/src/main/java/org/apache/kafka/clients/ClusterConnectionStates.java#L403 [4] https://github.com/apache/kafka/blob/2.5.0/clients/src/main/java/org/apache/kafka/clients/NetworkClient.java#L955 On Sun, May 10, 2020 at 10:18 AM Ismael Juma <ism...@juma.me.uk> wrote: > Hi Badai, > > I think this is a good change. Can you please address the issues raised > by KIP-235? That was the reason why we did not do it previously. > > Ismael > > On Mon, Apr 27, 2020 at 5:46 PM Badai Aqrandista <ba...@confluent.io> > wrote: > >> Hi everyone >> >> I have opened this KIP to have client.dns.lookup default value changed to >> "use_all_dns_ips". >> >> >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-602%3A+Change+default+value+for+client.dns.lookup >> >> Feedback appreciated. >> >> PS: I'm new here so please let me know if I miss anything. >> >> -- >> Thanks, >> Badai >> > -- Thanks, Badai
