# File ../../auditor/lib/kasp_auditor/auditor.rb, line 669
    def Auditor.check_key_config(keys, unsigned_keys, key_cache, config, auditor)
      # This method should be called at the end of the run, when all the DNSKEY records
      # in both the signed and unsigned zones have been collated.
      # We don't bother checking keys which were defined in the unsigned zone

      # NEED TO CHECK POLICY CHANGES!!
      # No we don't only new keys are checked here! :-)

      keys.each {|l_rr|
        found_unsigned = false
        unsigned_keys.each {|uk|
          if ((uk.key_tag == l_rr.key_tag) && (uk.key == l_rr.key) && (uk.name == l_rr.name)) # Ignore the TTL
            found_unsigned = true
            break
          end
        }
        next if found_unsigned
        if (!key_cache.include_key?l_rr)
          l_rr.public_key
          # Check algorithm and length
          if (l_rr.sep_key?)
            # Check against all the KSKs defined in the config
            if !Auditor.match_key_config(l_rr, config.keys.ksks)
              # Print error
              auditor.log(LOG_ERR, "New KSK DNSKEY has incorrect algorithm (was #{l_rr.algorithm}) or alg_length (was #{l_rr.key_length})")
            end
          else
            # Check against all the ZSKs defined in the config
            if !Auditor.match_key_config(l_rr, config.keys.zsks)
              # Print error
              auditor.log(LOG_ERR, "New ZSK DNSKEY has incorrect algorithm (was #{l_rr.algorithm}) or alg_length (was #{l_rr.key_length})")
            end
          end
          if (l_rr.flags & ~RR::DNSKEY::SEP_KEY & ~RR::DNSKEY::REVOKED_KEY & ~RR::DNSKEY::ZONE_KEY > 0)
            auditor.log(LOG_ERR, "DNSKEY has invalid flags : #{l_rr}")
          end
          # Protocol check done by dnsruby when loading DNSKEY RR
          # Algorithm check done by dnsruby when loading DNSKEY RR
          # Check TTL
          if (config.keys.ttl != l_rr.ttl)
            auditor.log(LOG_ERR, "Key #{l_rr.key_tag} has incorrect TTL : #{l_rr.ttl} instead of zone policy #{config.keys.ttl}")
          end
        end
      }
    end