+ for rrtype in [RR_TYPE_SOA, RR_TYPE_DNSKEY]:
+ s, result = resolver.resolve(name, rrtype=rrtype)
+ if 0 != s:
+ ub_strerror(s)
+ return 3
+
+ if not result.secure:
+ print("CRIT (does not verify) %s" % (name, ))
+ return 2
+
+ s, packet = ldns.ldns_wire2pkt(result.packet)
+ rrsigs = packet.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER).rrs()
+
+ for rrsig in rrsigs:
+ delta = parse_rrsig_expire(str(rrsig.rrsig_expiration()))
+
+ if delta < crit:
+ print("CRIT (expires in %s) %s" % (delta, name))
+ return 2
+ elif delta < warn:
+ print("WARN (expires in %s) %s" % (delta, name))
+ return 1
+ return 0
+
+def check_zone_synced(resolver, name):
+ s, result = resolver.resolve(name, RR_TYPE_NS)