From 3db068ad66c6de4e0c0311785a20214134e4d31e Mon Sep 17 00:00:00 2001
From: Christoph Egger <christoph@anonymous.siccegge.de>
Date: Wed, 29 Oct 2014 22:04:50 +0100
Subject: [PATCH] Check if result is considered secure as well

---
 dnssec-check | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/dnssec-check b/dnssec-check
index 2b745da..5cf0d59 100755
--- a/dnssec-check
+++ b/dnssec-check
@@ -24,15 +24,18 @@ def check_dnssec_expire(resolver, name, warn, crit):
         ub_strerror(s)
         return
 
+    if not result.secure:
+        print("CRIT (does not verify) %s" % (name, ))
+
     s, packet = ldns.ldns_wire2pkt(result.packet)
     rrsigs = packet.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER).rrs()
     for rrsig in rrsigs:
         delta = parse_rrsig_expire(str(rrsig.rrsig_expiration()))
 
         if delta < crit:
-            print("CRIT (%s) %s" % (delta, name))
+            print("CRIT (expires in %s) %s" % (delta, name))
         elif delta < warn:
-            print("WARN (%s) %s" % (delta, name))
+            print("WARN (expires in %s) %s" % (delta, name))
     
 
 def main():
-- 
2.39.2