From 581d4ea357effe5b7d61da8cd46cec6ed9cb132e Mon Sep 17 00:00:00 2001
From: bert hubert <bert.hubert@netherlabs.nl>
Date: Wed, 8 Nov 2017 15:33:45 +0100
Subject: [PATCH] in the recursor secpoll code, we ASSumed the TXT record would
 be the first record we received. Sometimes it was the RRSIG, leading to a
 silent error, and no secpoll check. Fixed the assumption, added an error.

---
 pdns/pdns_recursor.cc    |  5 ++++-
 pdns/secpoll-recursor.cc | 12 ++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index e987037e0..50c4156c5 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -2158,7 +2158,10 @@ static void houseKeeping(void *)
 	try {
 	  doSecPoll(&last_secpoll);
 	}
-	catch(...) {}
+	catch(std::exception& e)
+        {
+          L<<Logger::Error<<"Exception while performing security poll: "<<e.what()<<endl;
+        }
       }
     }
     s_running=false;
diff --git a/pdns/secpoll-recursor.cc b/pdns/secpoll-recursor.cc
index c7b6d47d4..3248b8465 100644
--- a/pdns/secpoll-recursor.cc
+++ b/pdns/secpoll-recursor.cc
@@ -36,7 +36,7 @@ void doSecPoll(time_t* last_secpoll)
   }
 
   vector<DNSRecord> ret;
-
+  
   string version = "recursor-" +pkgv;
   string qstring(version.substr(0, 63)+ ".security-status."+::arg()["security-poll-suffix"]);
 
@@ -62,16 +62,20 @@ void doSecPoll(time_t* last_secpoll)
   }
 
   if(!res && !ret.empty()) {
-    string content=ret.begin()->d_content->getZoneRepresentation();
+    string content;
+    for(const auto&r : ret) {
+      if(r.d_type == QType::TXT)
+        content = r.d_content->getZoneRepresentation();
+    }
+
     if(!content.empty() && content[0]=='"' && content[content.size()-1]=='"') {
       content=content.substr(1, content.length()-2);
     }
-      
+
     pair<string, string> split = splitField(content, ' ');
     
     g_security_status = std::stoi(split.first);
     g_security_message = split.second;
-
   }
   else {
     if(pkgv.find("0.0.") != 0)
-- 
2.40.0