# -*- mmm-classes: donuts-perl -*-
# Copyright 2006-2011 SPARTA, Inc.  All rights reserved.
# See the COPYING file included with the DNSSEC-Tools package for details.
#
# This file checks for basic DNS errors that are easy to overlook
#

# how they ever got this far, I'm not sure...
name: DNS_SOA_REQUIRED
level: 2
ruletype: name
desc: Checks for the existence of an SOA record in a zone.
<test>
  if ($recordname eq $current_domain && $#{$records->{'SOA'}} == -1) {
     donuts_error("A SOA record for $current_domain is required");
  }
</test>

#
# memorize NS records for a zone
#
name: MEMORIZE_NS_CNAME_RECORDS
internal: yes
level: 1
type: NS
<test>
  if ($record->name eq $current_domain) {
    $DONUTS::DNSSEC::NSCNAMECHECK{$record->nsdname} = $record->name;
  }
  return;
</test>

#
# memorize NS records for a zone
#
name: DNS_NS_NO_CNAME
level: 4
type: CNAME
desc: Checks to make sure that NS records don't point to CNAMEs
<test>
  if (exists($DONUTS::DNSSEC::NSCNAMECHECK{$record->name})) {
    donuts_error("A NS record for " .
		 $DONUTS::DNSSEC::NSCNAMECHECK{$record->name} .
		 " points to " . $record->name .
		 " which is a CNAME instead of an address record");
  }
  return;
</test>