in the recursor secpoll code, we ASSumed the TXT record would be the first record...

(cherry picked from commit 581d4ea357effe5b7d61da8cd46cec6ed9cb132e)

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 9205be38394fd49b9134e77c13ffd352f4c26e19..bdbfd3c6c72a72ee617e08e70364ca8f3ebbe122 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -2024,7 +2024,10 @@ static void houseKeeping(void *)
        try {
          doSecPoll(&last_secpoll);
        }
-       catch(...) {}
+       catch(std::exception& e)
+        {
+          L<<Logger::Error<<"Exception while performing security poll: "<<e.what()<<endl;
+        }
       }
     }
     s_running=false;

diff --git a/pdns/secpoll-recursor.cc b/pdns/secpoll-recursor.cc
index 87cd5820245d078cc237ab5c8c83f1db71de93bd..e08cac8299163b26eff7e79967efa4bde3f10253 100644 (file)
--- a/pdns/secpoll-recursor.cc
+++ b/pdns/secpoll-recursor.cc
@@ -33,7 +33,7 @@ void doSecPoll(time_t* last_secpoll)
   if (g_dnssecmode != DNSSECMode::Off)
     sr.d_doDNSSEC=true;
   vector<DNSRecord> ret;
-
+  
   string version = "recursor-" +pkgv;
   string qstring(version.substr(0, 63)+ ".security-status."+::arg()["security-poll-suffix"]);
 
@@ -60,16 +60,20 @@ void doSecPoll(time_t* last_secpoll)
   }
 
   if(!res && !ret.empty()) {
-    string content=ret.begin()->d_content->getZoneRepresentation();
+    string content;
+    for(const auto&r : ret) {
+      if(r.d_type == QType::TXT)
+        content = r.d_content->getZoneRepresentation();
+    }
+
     if(!content.empty() && content[0]=='"' && content[content.size()-1]=='"') {
       content=content.substr(1, content.length()-2);
     }
-      
+
     pair<string, string> split = splitField(content, ' ');
     
     g_security_status = std::stoi(split.first);
     g_security_message = split.second;
-
   }
   else {
     if(pkgv.find("0.0."))