X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=dsa-nagios-checks%2Fchecks%2Fdsa-check-dnssec-delegation;h=65b48b0cb19342d056ad6848b044b3da4f62f98e;hb=3cd0bd007702d89084e437a9f4fc4e81a66ce8c5;hp=676dce1d3368ba8fb9474ba2d67fd673e16688b5;hpb=b405a9cadb47391e8155999014825fd93be78944;p=mirror%2Fdsa-nagios.git

diff --git a/dsa-nagios-checks/checks/dsa-check-dnssec-delegation b/dsa-nagios-checks/checks/dsa-check-dnssec-delegation
index 676dce1..65b48b0 100755
--- a/dsa-nagios-checks/checks/dsa-check-dnssec-delegation
+++ b/dsa-nagios-checks/checks/dsa-check-dnssec-delegation
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 
-# Copyright (c) 2010 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2010, 2014, 2015, 2017 Peter Palfrader <peter@palfrader.org>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -70,8 +70,14 @@ sub get_tag_generic {
 		next unless (lc($rr->name) eq lc($zone));
 
 		my $tag = $options{'pretty'} ? sprintf("%5d(%d)", $rr->keytag, $rr->algorithm) : $rr->keytag;
+
+		if ($type eq 'DNSKEY' && ($rr->{'flags'} & (1<<(15-8)))) {
+			# key is revoked
+			next;
+		}
+
 		# for now only handle KSKs, i.e. keys with the SEP flag set
-		if ($type eq 'DNSKEY' && !($rr->is_sep)) {
+		if ($type eq 'DNSKEY' && !($rr->sep)) {
 			push @zsks, $tag;
 			next;
 		}