- s, result = resolver.resolve(name)
- if 0 != s:
- pass
-
- s, packet = ldns.ldns_wire2pkt(result.packet)
- rrsigs = packet.rr_list_by_type(unbound.RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER).rrs()
- for rrsig in rrsigs:
- delta = parse_rrsig_expire(str(rrsig.rrsig_expiration()))
-
- if delta < crit:
- print "CRIT (%s) %s" % (delta, name)
- elif delta < warn:
- print "WARN (%s) %s" % (delta, name)
+ for rrtype in [RR_TYPE_SOA, RR_TYPE_DNSKEY]:
+ s, result = resolver.resolve(name, rrtype=rrtype)
+ if 0 != s:
+ ub_strerror(s)
+ return 3
+
+ if not result.secure:
+ print("CRIT (does not verify) %s" % (name, ))
+ return 2
+
+ s, packet = ldns.ldns_wire2pkt(result.packet)
+ rrsigs = packet.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER).rrs()
+
+ for rrsig in rrsigs:
+ delta = parse_rrsig_expire(str(rrsig.rrsig_expiration()))
+
+ if delta < crit:
+ print("CRIT (expires in %s) %s" % (delta, name))
+ return 2
+ elif delta < warn:
+ print("WARN (expires in %s) %s" % (delta, name))
+ return 1
+ return 0