rec: Don't retry security polling too often when it fails

(cherry picked from commit 491d5d97c907be9619910ee22646c8da911d0256)

diff --git a/pdns/secpoll-recursor.cc b/pdns/secpoll-recursor.cc
index c7fa5b817942a40f0fc495a1b8a4fbbfc59dd33a..10c722424c00aa3899b4c3f059d63fba6272d47e 100644 (file)
--- a/pdns/secpoll-recursor.cc
+++ b/pdns/secpoll-recursor.cc
@@ -24,6 +24,11 @@ void doSecPoll(time_t* last_secpoll)
   string pkgv(PACKAGEVERSION);
   struct timeval now;
   gettimeofday(&now, 0);
+
+  /* update last_secpoll right now, even if it fails
+     we don't want to retry right away and hammer the server */
+  *last_secpoll=now.tv_sec;
+
   SyncRes sr(now);
   if (g_dnssecmode != DNSSECMode::Off)
     sr.d_doDNSSEC=true;
@@ -65,7 +70,6 @@ void doSecPoll(time_t* last_secpoll)
     g_security_status = std::stoi(split.first);
     g_security_message = split.second;
 
-    *last_secpoll=now.tv_sec;
   }
   else {
     if(pkgv.find("0.0."))
@@ -75,8 +79,6 @@ void doSecPoll(time_t* last_secpoll)
 
     if(g_security_status == 1) // it was ok, now it is unknown
       g_security_status = 0;
-    if(res == RCode::NXDomain) // if we had NXDOMAIN, keep on trying more more frequently
-      *last_secpoll=now.tv_sec; 
   }
 
   if(g_security_status == 2) {