recursor security poll is now feature complete. Distributors can set their security...

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 2e19a7dea046988172ace072329ae4f0b5cbd44c..a6e71a007f0db785d937bb880bf78e875b90dad2 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1223,19 +1223,16 @@ try
       last_stat=time(0);
     }
 
-    if(now.tv_sec - last_secpoll >= 1800) {
+    if(now.tv_sec - last_secpoll >= 3600) {
       doSecPoll(&last_secpoll);
     }
   }
-  
-
 }
 catch(PDNSException& ae)
 {
-  L<<Logger::Error<<"Fatal error: "<<ae.reason<<endl;
+  L<<Logger::Error<<"Fatal error in housekeeping thread: "<<ae.reason<<endl;
   throw;
 }
-;
 
 void makeThreadPipes()
 {

diff --git a/pdns/secpoll-recursor.cc b/pdns/secpoll-recursor.cc
index 35e43edd377a785f242ad001b7b414535a41c745..c3987c8c2545d8512f51b1b5a92671f1c788bde2 100644 (file)
--- a/pdns/secpoll-recursor.cc
+++ b/pdns/secpoll-recursor.cc
@@ -25,6 +25,11 @@ void doSecPoll(time_t* last_secpoll)
 
   string query = "recursor-" PACKAGEVERSION ".security-status."+::arg()["security-poll-suffix"];
 
+  if(*query.rbegin()!='.')
+    query+='.';
+
+  boost::replace_all(query, "+", "_");
+
   int res=sr.beginResolve(query, QType(QType::TXT), 1, ret);
   if(!res && !ret.empty()) {
     string content=ret.begin()->content;
@@ -41,8 +46,10 @@ void doSecPoll(time_t* last_secpoll)
   }
   else {
     L<<Logger::Warning<<"Could not retrieve security status update for '" PACKAGEVERSION "' on '"+query+"', RCODE = "<< RCode::to_s(res)<<endl;
-    if(g_security_status == 1)
+    if(g_security_status == 1) // it was ok, not it is unknown
       g_security_status = 0;
+    if(res == RCode::NXDomain) // if we had servfail, keep on trying more more frequently
+      *last_secpoll=now.tv_sec; 
   }
 
   if(g_security_status == 2) {