From: Christoph Egger <christoph@anonymous.siccegge.de>
Date: Wed, 29 Oct 2014 21:04:50 +0000 (+0100)
Subject: Check if result is considered secure as well
X-Git-Url: https://git.siccegge.de//index.cgi?p=tools.git;a=commitdiff_plain;h=3db068ad66c6de4e0c0311785a20214134e4d31e

Check if result is considered secure as well
---

diff --git a/dnssec-check b/dnssec-check
index 2b745da..5cf0d59 100755
--- a/dnssec-check
+++ b/dnssec-check
@@ -24,15 +24,18 @@ def check_dnssec_expire(resolver, name, warn, crit):
         ub_strerror(s)
         return
 
+    if not result.secure:
+        print("CRIT (does not verify) %s" % (name, ))
+
     s, packet = ldns.ldns_wire2pkt(result.packet)
     rrsigs = packet.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER).rrs()
     for rrsig in rrsigs:
         delta = parse_rrsig_expire(str(rrsig.rrsig_expiration()))
 
         if delta < crit:
-            print("CRIT (%s) %s" % (delta, name))
+            print("CRIT (expires in %s) %s" % (delta, name))
         elif delta < warn:
-            print("WARN (%s) %s" % (delta, name))
+            print("WARN (expires in %s) %s" % (delta, name))
     
 
 def main():