# -*- mmm-classes: donuts-perl -*-
# Copyright 2006-2013 SPARTA, Inc.  All rights reserved.
# See the COPYING file included with the DNSSEC-Tools package for details.
#
# This file checks for basic DNS errors that are easy to overlook
#

# how they ever got this far, I'm not sure...
name: DNS_SOA_REQUIRED
level: 2
ruletype: name
desc: Checks for the number of a SOA records found in a zone (must be 1).
<test>
  if ($recordname eq $current_domain && $#{$records->{'SOA'}} == -1) {
     donuts_error("A SOA record for $current_domain is required");
  } elsif ($recordname eq $current_domain && $#{$records->{'SOA'}} > 0) {
     donuts_error("Multiple SOA records were found");
  }
</test>

#
# check that NS records don't point to CNAMEs
#
name: DNS_NS_NO_CNAME
level: 4
type: NS
desc: Checks to make sure that NS records don't point to CNAMEs
<test>
  my $data = donuts_records_by_name($record->nsdname);
  if (exists($data->{'CNAME'})) {
    donuts_error("A NS record for " . $record->name .
		 " points to " . $record->nsdname .
		 " which is a CNAME instead of an address record");
  }
  return;
</test>
