From f895ab61e7b0abdbd25eaaaa7522d31bfd16e1f6 Mon Sep 17 00:00:00 2001
From: Blake Rouse <blake.rouse@vindeka.com>
Date: Sun, 27 Feb 2022 07:36:38 -0500
Subject: [PATCH 1/2] Skip RRSIG records in response.

---
 src/discovery/srv.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/discovery/srv.go b/src/discovery/srv.go
index e862a182..1b681a28 100644
--- a/src/discovery/srv.go
+++ b/src/discovery/srv.go
@@ -75,6 +75,10 @@ func srvFetch(cfg config.DiscoveryConfig) (*[]core.Backend, error) {
 	for _, ans := range r.Answer {
 		record, ok := ans.(*dns.SRV)
 		if !ok {
+			// RRSIG is allowed because DNSSEC could be enabled.
+			if _, ok := ans.(*dns.RRSIG); ok {
+				continue
+			}
 			return nil, errors.New("Non-SRV record in SRV answer")
 		}
 

From fd1d79cf956381597f79ca5e1fc9cf097e56710a Mon Sep 17 00:00:00 2001
From: Blake Rouse <blake.rouse@vindeka.com>
Date: Sun, 27 Feb 2022 07:46:48 -0500
Subject: [PATCH 2/2] Fix srvIPLookup as well.

---
 src/discovery/srv.go | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/discovery/srv.go b/src/discovery/srv.go
index 1b681a28..377a1e45 100644
--- a/src/discovery/srv.go
+++ b/src/discovery/srv.go
@@ -153,12 +153,15 @@ func srvIPLookup(cfg config.DiscoveryConfig, pattern string, typ uint16) (string
 		return "", nil
 	}
 
-	switch ans := resp.Answer[0].(type) {
-	case *dns.A:
-		return ans.A.String(), nil
-	case *dns.AAAA:
-		return fmt.Sprintf("[%s]", ans.AAAA.String()), nil
-	default:
-		return "", nil
+	for _, answer := range resp.Answer {
+		switch ans := answer.(type) {
+		case *dns.A:
+			return ans.A.String(), nil
+		case *dns.AAAA:
+			return fmt.Sprintf("[%s]", ans.AAAA.String()), nil
+		default:
+			continue
+		}
 	}
+	return "", nil
 }