--- a/t/check_tlsa_record.t Wed Jun 08 22:32:36 2016 +0200
+++ b/t/check_tlsa_record.t Thu Jun 16 19:52:58 2016 +0200
@@ -3,6 +3,11 @@
use strict;
use warnings;
use Test::More qw(no_plan);
+# @TODO write tests for
+# bad-hash.dane.verisignlabs.com -> The TLSA record for this server has an incorrect hash value, although it is correctly signed with DNSSEC
+# bad-params.dane.verisignlabs.com -> The TLSA record for this server has a correct hash value, incorrect TLSA parameters, and is correctly signed with DNSSEC. NOTE: The current Firefox plugin accepts these TLSA records as valid.
+# bad-sig.dane.verisignlabs.com -> The TLSA record for this server is correct, but the DNSSEC chain-of-trust is broken and/or has a bad signature. NOTE: If you have validation enabled you won't be able to look up the hostname anyway.
+# source: http://dane.verisignlabs.com/
BEGIN { use_ok('Nagios::Check::DNS::check_tlsa_record') };
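Review bot: The three hosts named in the added TODO are the failure cases a DANE check exists to catch, and leaving them as a comment means the suite does not pin what main() returns for a wrong hash, wrong TLSA parameters or a broken DNSSEC chain. The hash case can reuse the existing pattern, assuming main() reports a mismatch as CRITICAL as it does in the invalid-DANE test later in the file: `like(Nagios::Check::DNS::check_tlsa_record::main(('bad-hash.dane.verisignlabs.com')), qr(CRITICAL: .*), 'main() critical on TLSA hash mismatch');`. The bad-params case should likewise be asserted as not OK, since the comment itself records that another client accepts such records as valid. For bad-sig the outcome depends on whether the resolver the test runs against validates DNSSEC, so the comment should state the expected status (presumably anything but OK) and which resolver behaviour the test assumes.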
@@ -28,8 +33,8 @@
my $test_main_domain_port_protocol = Nagios::Check::DNS::check_tlsa_record::main(($domain3, 443, 'tcp'));
like($test_main_domain_port_protocol, qr(OK: .* is valid), 'main() ok with domain, port and protocol');
- my $test_main_no_tlsa = Nagios::Check::DNS::check_tlsa_record::main(('google.com'));
- like($test_main_no_tlsa, qr(WARNING: .*), 'main() warning when no SSL-Certificate or no TLSA-Record/DANE is available');
+ my $test_main_no_tlsa = Nagios::Check::DNS::check_tlsa_record::main(('google.com'));
+ like($test_main_no_tlsa, qr(WARNING: .*), 'main() warning when no SSL-Certificate or no TLSA-Record/DANE is available');
my $test_main_default_port2 = Nagios::Check::DNS::check_tlsa_record::main(($domain4));
like($test_main_default_port2, qr(CRITICAL: .* valid), 'main() critical when DANE not valid.');