+sub zone_check_nsrrset ($$$$) {
+ my ($uaddr,$ww, $is_auth, $glueless_ok) = @_;
+ my (@s, $s, %s2g, @glue, $glue, $delgs_or_auths);
+ verbose("checking delegation by $ww");
+ dig(sub {
+ if ($dig_type eq 'ns' && $dig_owner eq $zone) {
+ $s2g{lc $dig_rdata} = [ ];
+ } elsif ($dig_type eq 'a' && exists $s2g{$dig_owner}) {
+ push @to_check,
+ $dig_rdata,
+ "$dig_owner, in glue from $ww",
+ 1, 0;
+ $addr_is_ok{$dig_rdata}= "$dig_owner (NS [$uaddr])"
+ if $cfg->{'style'} eq 'stealth';
+ push @{ $s2g{$dig_owner} }, $dig_rdata;
+ }
+ },
+ $zone,'ns',$uaddr);
+ if (!%s2g) { zone_warning("unable to find NS RRset at $ww"); return; }
+ elsif (keys %s2g == 1) { zone_warning("only one nameserver at $ww"); }
+ @s= sort keys %s2g;
+ foreach $s (@s) {
+ @glue= @{ $s2g{$s} };
+ if (!@glue) {
+ zone_warning("glueless NS $s, from $ww") unless $glueless_ok;
+ next;
+ }
+ $glue= join ' ', sort @glue;
+ push @{ $glue{$s}{$glue} }, $ww;
+ }
+ $s= join ' ', @s;
+ $delgs_or_auths= $is_auth ? \%auths : \%delgs;
+ push @{ $delgs_or_auths->{$s} }, $ww;
+}
+
+sub zone_check_soa ($$) {
+ my ($uaddr,$ww) = @_;
+ my ($lame,$origin,$got,$rcode,@soa_addrs,$soa_addr);
+ verbose("checking service at $ww");
+ $lame= 'dead or lame';
+ dig(sub {
+ if ($dig_type eq 'flags:') {
+ $lame= $dig_rdata =~ m/ aa / ? '' : 'lame';
+ } elsif ($dig_type eq 'soa' && $dig_owner eq $zone && !$lame) {
+ die "several SOAs ? $ww" if defined $origin;
+ $got= $dig_rdata;
+ $got =~ m/^(\S+) \d+/ or die "$got ?";
+ $origin= $1;
+ }
+ },
+ $zone,'soa',$uaddr);
+ $lame= 'broken' if !$lame && !defined $origin;
+ if ($lame) { zone_warning("$lame server $ww"); return; }
+ push @{ $soas{$got} }, $ww;
+ ($rcode,@soa_addrs)= lookup($origin,'a','0');
+ foreach $soa_addr (@soa_addrs) {
+ $addr_is_ok{$soa_addr}= "$origin (SOA [$uaddr])";
+ push @to_check,
+ $soa_addr,
+ "$origin, SOA ORIGIN from $ww";
+ }
+}
+