def do_final_nsec_check()
if ((!@first_nsec) && (!@first_nsec3))
log(LOG_ERR, "No #{nsec_string} records in zone")
return
end
if (@config.denial.nsec && (@first_nsec.type == Dnsruby::Types::NSEC))
if (@first_nsec && (@last_nsec.next_domain == @first_nsec.name))
else
if (@unknown_nsecs[@last_nsec.next_domain.to_s+"." + @zone_name + "."] &&
(@unknown_nsecs[@last_nsec.next_domain.to_s+"." + @zone_name + "."] == @first_nsec.to_s+"."))
else
log(LOG_ERR, "Can't follow NSEC loop from #{@last_nsec.name} to #{@last_nsec.next_domain}")
end
end
elsif (@config.denial.nsec3)
if (@first_nsec && (get_next_nsec3_name(@last_nsec).to_s == @first_nsec.name.to_s))
else
if (@unknown_nsecs[get_next_nsec3_name(@last_nsec).to_s+"."] &&
(@unknown_nsecs[get_next_nsec3_name(@last_nsec).to_s+"."] == @first_nsec.name.labels()[0].to_s))
else
log(LOG_ERR, "Can't follow NSEC3 loop from #{@last_nsec.name} to #{get_next_nsec3_name(@last_nsec)}. Was actually #{@first_nsec.name}")
end
end
end
end