X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=dsa-nagios-checks%2Fchecks%2Fdsa-check-dnssec-delegation;h=e614bf2950622a93ab6389ba28c15a441234c617;hb=9a62ca8615e7294014941c6f34357bafd1210b78;hp=676dce1d3368ba8fb9474ba2d67fd673e16688b5;hpb=c65555e96f6d8b75096e8ac60495dc61c7cb2b5a;p=mirror%2Fdsa-nagios.git

diff --git a/dsa-nagios-checks/checks/dsa-check-dnssec-delegation b/dsa-nagios-checks/checks/dsa-check-dnssec-delegation
index 676dce1..e614bf2 100755
--- a/dsa-nagios-checks/checks/dsa-check-dnssec-delegation
+++ b/dsa-nagios-checks/checks/dsa-check-dnssec-delegation
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 
-# Copyright (c) 2010 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2010, 2014, 2015 Peter Palfrader <peter@palfrader.org>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -70,6 +70,12 @@ sub get_tag_generic {
 		next unless (lc($rr->name) eq lc($zone));
 
 		my $tag = $options{'pretty'} ? sprintf("%5d(%d)", $rr->keytag, $rr->algorithm) : $rr->keytag;
+
+		if ($type eq 'DNSKEY' && ($rr->{'flags'} & (1<<(15-8)))) {
+			# key is revoked
+			next;
+		}
+
 		# for now only handle KSKs, i.e. keys with the SEP flag set
 		if ($type eq 'DNSKEY' && !($rr->is_sep)) {
 			push @zsks, $tag;