From 3db068ad66c6de4e0c0311785a20214134e4d31e Mon Sep 17 00:00:00 2001
From: Christoph Egger
Date: Wed, 29 Oct 2014 22:04:50 +0100
Subject: [PATCH] Check if result is considered secure as well
---
 dnssec-check | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/dnssec-check b/dnssec-check
index 2b745da..5cf0d59 100755
--- a/dnssec-check
+++ b/dnssec-check
@@ -24,15 +24,18 @@ def check_dnssec_expire(resolver, name, warn, crit):
 ub_strerror(s)
 return
+ if not result.secure:
+ print("CRIT (does not verify) %s" % (name, ))
+
 s, packet = ldns.ldns_wire2pkt(result.packet)
 rrsigs = packet.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER).rrs()
 for rrsig in rrsigs:
 delta = parse_rrsig_expire(str(rrsig.rrsig_expiration()))
 if delta < crit:
- print("CRIT (%s) %s" % (delta, name))
+ print("CRIT (expires in %s) %s" % (delta, name))
 elif delta < warn:
- print("WARN (%s) %s" % (delta, name))
+ print("WARN (expires in %s) %s" % (delta, name))
 def main():
--
2.39.5
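Review bot: The new `if not result.secure:` branch prints CRIT but has no `return`, so execution falls through to `ldns.ldns_wire2pkt(result.packet)` and the RRSIG loop. That can emit a second "expires in" WARN/CRIT line for the same name, computed from an answer that did not validate. Adding `return` after the print, as the `ub_strerror(s)` error branch in the leading context does, would keep one verdict per name. It would also help whoever reads the alert to distinguish a failed validation from an unsigned or anchor-less answer, for example `print("CRIT (bogus: %s) %s" % (result.why_bogus, name))` when `result.bogus` is set. The body of `check_dnssec_expire` starts above the hunk, so how the resolver's trust anchor is configured is not visible here.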