# -*- mmm-classes: donuts-perl -*-
# Copyright 2004-2013 SPARTA, Inc.  All rights reserved.
# See the COPYING file included with the DNSSEC-Tools package for details.
#
# This file checks for misc sanity checks
#


name: DNS_REASONABLE_TTLS
level: 8
class: Warning
# 60 seconds min
minttl: 60
help: minttl: minimum ttl value acceptable for a record
# 7 days max
maxttl: 604800
desc: Checks to see if reasonable TTL values (configurable) were chosen for all the records in a zone.
help: maxttl: maximum ttl value acceptable for a record
<test>
  if ($record->ttl < $rule->{'minttl'}) {
    donuts_error("Record has a TTL which is unreasonably small ( " .
		 $record->ttl . " < min: " . $rule->{'minttl'} . ")");
  }
  if ($record->ttl > $rule->{'maxttl'}) {
    donuts_error("Record has a TTL which is unreasonably large ( " .
		 $record->ttl . " > max: " . $rule->{'maxttl'} . ")");
  }
</test>

name: DNS_NO_DOMAIN_MX_RECORDS
level: 8
class: Warning
ruletype: name
desc: Checks to ensure that the zone contains at least 1 MX record.
minmxrecords: 2
help: minmx: minimum number of MX records that should be in a domain
<test>
   if (exists($records->{'MX'}) &&
      $recordname eq $current_domain && $#{$records->{'MX'}}+1 < $rule->{'minmx'}) {
       donuts_error("$rule->{'minmx'} MX records are suggested for this zone");
   }
</test>
