diff -r e502f4d6e7a2 -r 8da9e81acf82 plugins/check_dns-delegation
--- a/plugins/check_dns-delegation	Tue Jan 06 15:14:23 2015 +0100
+++ b/plugins/check_dns-delegation	Tue Jan 06 21:42:41 2015 +0100
@@ -12,13 +12,24 @@
 
 =head1 DESCRIPTION
 
-B<check_dns-serial> is designed as a Icinga/Nagios plugin to verify that
-all responsible NS have the same serial number for their zones.
+B<check_dns-delegation> is designed as a Icinga/Nagios plugin to verify that
+all responsible NS know about the delegation.
+
+Each domain has to survive the following tests:
+
+=over
+
+=item The I<reference> server needs to be authoritive.
 
-Domains we are not responsible for are marked as B<critical>.
-Mismatching serial numbers are marked as B<critical>.
+=item The NS records known outside (checked with some public DNS service)
+need to match the NS records obtained from the reference server.
 
-The list of domains may consist of the following items:
+=item The serial numbers obtained from the NS servers B<and> the
+reference server need to match. All servers need to be authoritive!
+
+=back
+
+The I<DOMAINS> are passed a a list in one of the following forms:
 
 =over
 
@@ -90,7 +101,7 @@
 
         if ($src =~ m{^(?:(/.*)|file://(/.*))}) {
             open(my $f, '<', $1) or die "$0: Can't open $1 for reading: $!\n";
-            push @domains, map { /^\s*(\S+)\s*/ } <$f>;
+            push @domains, map { /^\s*(\S+)\s*/ } grep { !/^\s*#/ } <$f>;
             next;
         }
 
@@ -159,6 +170,7 @@
     my (@errs, @ns);
     my @our = eval { sort +ns($domain, nameservers => [$reference], aa => 1) };
     push @errs, $@ if $@;
+
     my @their = eval { sort +ns($domain) };
     push @errs, $@ if $@;
 
@@ -179,7 +191,7 @@
 
 sub serial_ok {
     my ($domain, @ns) = @_;
-    my @serials = map { my $s = serial $domain, nameservers => [$_]; "$s\@$_" } @ns;
+    my @serials = map { my $s = serial $domain, nameservers => [$_], aa => 1; "$s\@$_" } @ns;
     ### @serials
 
     if (uniq(map { /(\d+)/ } @serials) != 1) {
@@ -219,7 +231,7 @@
         my @ns = eval { ns_ok($domain, $opt_reference) };
 	if ($@) { 
             $CRITICAL{$domain} = $@;
-            say STDERR 'ns not ok' if $opt_progress;
+            say STDERR 'fail(ns)' if $opt_progress;
             next;
         }
         print STDERR 'ok(ns) ' if $opt_progress;
@@ -227,7 +239,7 @@
         my @serial = eval { serial_ok($domain, @ns, $opt_reference) };
         if ($@) {
             $CRITICAL{$domain} = $@;
-            say STDERR 'serial not ok' if $opt_progress;
+            say STDERR 'fail(serial)' if $opt_progress;
             next;
         }
         say STDERR 'ok(serial)' if $opt_progress;
@@ -266,6 +278,10 @@
 
 Tell about the progress. (default: on if input is connected to a terminal)
 
+=item B<--additional>
+
+Domains from this list are
+
 =back
 
 =head1 PERMISSIONS