# -*- mmm-classes: donuts-perl -*-
# Copyright 2004-2011 SPARTA, Inc.  All rights reserved.
# See the COPYING file included with the DNSSEC-Tools package for details.
#
# This file checks for misc sanity checks
#


name: DNS_REASONABLE_TTLS
level: 8
class: Warning
# 60 seconds min
minttl: 60
help: minttl: minimum ttl value acceptable for a record
# 7 days max
maxttl: 604800
desc: Checks to see if reasonable TTL values (configurable) were chosen for all the records in a zone.
help: maxttl: maximum ttl value acceptable for a record
<test>
  if ($record->ttl < $rule->{'minttl'}) {
    donuts_error("Record has a TTL which is unreasonably small ( " .
		 $record->ttl . " < min: " . $rule->{'minttl'} . ")");
  }
  if ($record->ttl > $rule->{'maxttl'}) {
    donuts_error("Record has a TTL which is unreasonably large ( " .
		 $record->ttl . " > max: " . $rule->{'maxttl'} . ")");
  }
</test>

name: DNS_NO_DOMAIN_MX_RECORDS
level: 8
class: Warning
ruletype: name
desc: Checks to ensure that the zone contains at least 1 MX record.
<test>
   if ($recordname eq $current_domain && $#{$records->{'MX'}} == -1) {
       donuts_error("At least one MX record for $current_domain is suggested");
   }
</test>