diff --git a/CHANGES b/CHANGES
index 6f89b8d31e..59c5f56651 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
+2.6-80 | 2019-01-16 11:14:47 -0600
+
+  * Patch to recognized the Revoked bit in DNSKEY Flag (Fatema BW)
+
 2.6-77 | 2019-01-15 14:24:55 -0600
 
   * GH-170: fix segfault triggered by invalid pattern symbols (Jon Siwek, Corelight)
diff --git a/VERSION b/VERSION
index d779f10045..7bb31b39f8 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.6-77
+2.6-80
diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc
index bf0c1a52b1..853be8f083 100644
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@@ -924,9 +924,16 @@ int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg,
 	//Evaluating the size of remaining bytes for Public Key
 	BroString* key = ExtractStream(data, len, rdlength - 4);
 
-	if ( dflags != 256 and dflags != 257 and dflags != 0 )
+	// flags bit 7: zone key
+	// flags bit 8: revoked
+	// flags bit 15: Secure Entry Point, key signing key
+	if ( (dflags & 0xfe7e) != 0 )
 		analyzer->Weird("DNSSEC_DNSKEY_Invalid_Flag", fmt("%d", dflags));
 
+	// flags bit 7, 8, and 15 all set
+	if ( (dflags & 0x0181) == 0x0181 )
+		analyzer->Weird("DNSSEC_DNSKEY_Revoked_KSK", fmt("%d", dflags));
+
 	if ( dprotocol != 3 )
 		analyzer->Weird("DNSSEC_DNSKEY_Invalid_Protocol", fmt("%d", dprotocol));
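Review bot: The new mask `(dflags & 0xfe7e) != 0` silently accepts flag values the old `dflags != 256 and dflags != 257 and dflags != 0` check reported, namely `0x0001` (SEP set without the Zone Key bit) and `0x0080`/`0x0081` (REVOKE set without the Zone Key bit), and neither the CHANGES entry nor the in-code comments say that widening is intended; RFC 4034 §2.1.1 gives SEP meaning only on a zone key, so keeping that coverage would need one more guard such as `if ( (dflags & 0x0081) != 0 && (dflags & 0x0100) == 0 )` with its own weird name. The three added comment lines would be more useful to the next reader if they carried the bit values and source, e.g. `// DNSKEY flags (RFC 4034 §2.1.1): bit 7 Zone Key = 0x0100, bit 15 SEP = 0x0001; bit 8 REVOKE = 0x0080 (RFC 5011); anything else is reserved`, which also explains where `0xfe7e` and `0x0181` come from instead of leaving them as bare magic numbers. Note that a DNSKEY with all three bits set is a protocol-conformant RFC 5011 revocation of a KSK rather than a malformed record, so consumers of the `DNSSEC_DNSKEY_Revoked_KSK` weird should expect it in legitimate traffic; a comment saying so next to the check would avoid it being triaged as a parse anomaly. The body of ParseRR_DNSKEY begins before and continues after this hunk.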