def do_basic_nsec3_checks(line)
if (@config.denial.nsec)
log(LOG_ERR, "NSEC3 RRs included in NSEC-signed zone")
return
end
split = line.split
check_nsec_ttl(split[1], line, "NSEC3")
salt = split[7]
if (salt != @config.denial.nsec3.hash.salt)
log(LOG_ERR, "NSEC3 has wrong salt : should be #{@config.denial.nsec3.hash.salt} but was #{salt}")
end
iterations = split[6].to_i
if (iterations != @config.denial.nsec3.hash.iterations)
log(LOG_ERR, "NSEC3 has wrong iterations : should be #{@config.denial.nsec3.hash.iterations} but was #{iterations}")
end
hash_alg = split[4].to_i
if (hash_alg != @config.denial.nsec3.hash.algorithm)
log(LOG_ERR, "NSEC3 has wrong algorithm : should be #{@config.denial.nsec3.hash.algorithm} but was #{hash_alg}")
end
if (@scan_options.follow_nsec_loop)
add_to_nsec_file(line)
end
end