#include "arguments.hh"
#include "version.hh"
#include "validate-recursor.hh"
+#include "secpoll.hh"
#include <stdint.h>
#ifndef PACKAGEVERSION
string pkgv(PACKAGEVERSION);
struct timeval now;
gettimeofday(&now, 0);
+
+ /* update last_secpoll right now, even if it fails
+ we don't want to retry right away and hammer the server */
+ *last_secpoll=now.tv_sec;
+
SyncRes sr(now);
if (g_dnssecmode != DNSSECMode::Off) {
sr.setDoDNSSEC(true);
vState state = Indeterminate;
DNSName query(qstring);
- int res=sr.beginResolve(query, QType(QType::TXT), 1, ret);
+ int res = sr.beginResolve(query, QType(QType::TXT), 1, ret);
if (g_dnssecmode != DNSSECMode::Off && res) {
state = sr.getValidationState();
}
if(state == Bogus) {
- L<<Logger::Error<<"Could not retrieve security status update for '" +pkgv+ "' on '"<<query<<"', DNSSEC validation result was Bogus!"<<endl;
+ g_log<<Logger::Error<<"Could not retrieve security status update for '" +pkgv+ "' on '"<<query<<"', DNSSEC validation result was Bogus!"<<endl;
if(g_security_status == 1) // If we were OK, go to unknown
g_security_status = 0;
return;
}
- if(!res && !ret.empty()) {
- string content=ret.begin()->d_content->getZoneRepresentation();
- if(!content.empty() && content[0]=='"' && content[content.size()-1]=='"') {
- content=content.substr(1, content.length()-2);
- }
-
- pair<string, string> split = splitField(content, ' ');
-
- g_security_status = std::stoi(split.first);
- g_security_message = split.second;
-
- *last_secpoll=now.tv_sec;
+ if (res == RCode::NXDomain && !isReleaseVersion(pkgv)) {
+ g_log<<Logger::Warning<<"Not validating response for security status update, this is a non-release version"<<endl;
+ return;
}
- else {
- if(pkgv.find("0.0.") != 0)
- L<<Logger::Warning<<"Could not retrieve security status update for '" +pkgv+ "' on '"<<query<<"', RCODE = "<< RCode::to_s(res)<<endl;
- else
- L<<Logger::Warning<<"Ignoring response for security status update, this is a non-release version."<<endl;
- if(g_security_status == 1) // it was ok, now it is unknown
- g_security_status = 0;
- if(res == RCode::NXDomain) // if we had NXDOMAIN, keep on trying more more frequently
- *last_secpoll=now.tv_sec;
+ string security_message;
+ int security_status = g_security_status;
+
+ try {
+ processSecPoll(res, ret, security_status, security_message);
+ } catch(const PDNSException &pe) {
+ g_security_status = security_status;
+ g_log<<Logger::Warning<<"Could not retrieve security status update for '" << pkgv << "' on '"<< query << "': "<<pe.reason<<endl;
+ return;
}
- if(g_security_status == 2) {
- L<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl;
+ g_security_message = security_message;
+
+ if(g_security_status != 1 && security_status == 1) {
+ g_log<<Logger::Warning << "Polled security status of version "<<pkgv<<", no known issues reported: " <<g_security_message<<endl;
}
- else if(g_security_status == 3) {
- L<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl;
+ if(security_status == 2) {
+ g_log<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl;
}
+ if(security_status == 3) {
+ g_log<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl;
+ }
+
+ g_security_status = security_status;
}
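Review bot: The answer handed to `processSecPoll(res, ret, security_status, security_message)` is only checked for a Bogus DNSSEC state when `res` is non-zero, because the unchanged condition `if (g_dnssecmode != DNSSECMode::Off && res)` leaves `state` at `Indeterminate` for a NOERROR response; as far as this hunk shows, a successful TXT answer that failed validation could still set `g_security_status` and `g_security_message`. If the resolver is expected to turn a Bogus answer into a failure rcode before `beginResolve` returns, say so in a comment next to the condition; otherwise read the state regardless of rcode, e.g. `if (g_dnssecmode != DNSSECMode::Off) { state = sr.getValidationState(); }`. Separately, `g_security_status = security_status;` in the catch block appears to rely on `processSecPoll` (not visible here) updating its in/out argument before it throws, which deserves a one-line comment such as `// keep whatever status processSecPoll set before it threw`. The enclosing function starts outside the visible lines.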