# File ../../auditor/lib/kasp_auditor/auditor.rb, line 598
    def check_nsec3(l_rr)
      # Check the policy is not for NSEC!
      if (@config.denial.nsec)
        log(LOG_ERR, "NSEC3 RRs included in NSEC-signed zone")
        return
      end
      if (!@nsec3param && !@warned_about_nsec3param)
        log(LOG_ERR, "NSEC3 record found for #{l_rr.name}, before NSEC3PARAM record was found - won't report again for this zone")
        @warned_about_nsec3param = true
        @first_nsec3 = l_rr # Store so we have something to work with
      end
      # Check that the parameters are the same as those defined in the config
      if (l_rr.salt != @config.denial.nsec3.hash.salt)
        log(LOG_ERR, "NSEC3 has wrong salt : should be #{@config.denial.nsec3.hash.salt} but was #{l_rr.salt}")
      end
      if (l_rr.iterations != @config.denial.nsec3.hash.iterations)
        log(LOG_ERR, "NSEC3 has wrong iterations : should be #{@config.denial.nsec3.hash.iterations} but was #{l_rr.iterations}")
      end
      if (l_rr.hash_alg != @config.denial.nsec3.hash.algorithm)
        log(LOG_ERR, "NSEC3 has wrong algorithm : should be #{@config.denial.nsec3.hash.algorithm} but was #{l_rr.hash_alg}")
      end
      # Check TTL
      check_nsec_ttl(l_rr)
      #  Check NSEC3 next_hashed chain
      if (@last_nsec)
        check_nsec_next(l_rr, get_next_nsec3_name(@last_nsec))
      else
        check_nsec_next(l_rr, nil)
      end

      # Now record the owner name, the next hashed, and the types associated with it
      # This information will be used by the NSEC3Auditor once the zone file has
      # been processed.
      File.open(@working + "#{File::SEPARATOR}audit.nsec3.#{Process.pid}", "a") { |f|
        types = get_types_string(l_rr.types)
        f.write("#{l_rr.name.to_s} #{types}\n")
      }
      if (!l_rr.opt_out?)
        File.open(@working + "#{File::SEPARATOR}audit.optout.#{Process.pid}", "a") { |f|
          l_rr_name = l_rr.name.to_s
          if (@soa.name.to_s == "")
            l_rr_name += "."
          end
          f.write("#{l_rr_name} #{RR::NSEC3.encode_next_hashed(l_rr.next_hashed) + "." + @soa.name.to_s}\n")
        }
      end
    end