From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 7 Nov 2017 10:40:30 +0000 (+0100)
Subject: rec: Don't retry security polling too often when it fails
X-Git-Tag: rec-4.0.7~2^2~2^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6144a1b2a76924f7e8bd8866f3fbd165fb650e83;p=pdns

rec: Don't retry security polling too often when it fails

(cherry picked from commit 491d5d97c907be9619910ee22646c8da911d0256)
---

diff --git a/pdns/secpoll-recursor.cc b/pdns/secpoll-recursor.cc
index c7fa5b817..10c722424 100644
--- a/pdns/secpoll-recursor.cc
+++ b/pdns/secpoll-recursor.cc
@@ -24,6 +24,11 @@ void doSecPoll(time_t* last_secpoll)
   string pkgv(PACKAGEVERSION);
   struct timeval now;
   gettimeofday(&now, 0);
+
+  /* update last_secpoll right now, even if it fails
+     we don't want to retry right away and hammer the server */
+  *last_secpoll=now.tv_sec;
+
   SyncRes sr(now);
   if (g_dnssecmode != DNSSECMode::Off)
     sr.d_doDNSSEC=true;
@@ -65,7 +70,6 @@ void doSecPoll(time_t* last_secpoll)
     g_security_status = std::stoi(split.first);
     g_security_message = split.second;
 
-    *last_secpoll=now.tv_sec;
   }
   else {
     if(pkgv.find("0.0."))
@@ -75,8 +79,6 @@ void doSecPoll(time_t* last_secpoll)
 
     if(g_security_status == 1) // it was ok, now it is unknown
       g_security_status = 0;
-    if(res == RCode::NXDomain) // if we had NXDOMAIN, keep on trying more more frequently
-      *last_secpoll=now.tv_sec; 
   }
 
   if(g_security_status == 2) {