# File ../../auditor/lib/kasp_auditor/partial_auditor.rb, line 749
    def do_basic_nsec3_checks(line)
      # Should we have any NSEC3s in this zone?
      if (@config.denial.nsec)
        log(LOG_ERR, "NSEC3 RRs included in NSEC-signed zone")
        return
      end
      # Check TTL
      split = line.split
      check_nsec_ttl(split[1], line, "NSEC3")
      # Check that the parameters are the same as those defined in the config
      salt = split[7]
      if (salt != @config.denial.nsec3.hash.salt)
        log(LOG_ERR, "NSEC3 has wrong salt : should be #{@config.denial.nsec3.hash.salt} but was #{salt}")
      end
      iterations = split[6].to_i
      if (iterations != @config.denial.nsec3.hash.iterations)
        log(LOG_ERR, "NSEC3 has wrong iterations : should be #{@config.denial.nsec3.hash.iterations} but was #{iterations}")
      end
      hash_alg = split[4].to_i
      if (hash_alg != @config.denial.nsec3.hash.algorithm)
        log(LOG_ERR, "NSEC3 has wrong algorithm : should be #{@config.denial.nsec3.hash.algorithm} but was #{hash_alg}")
      end
      # Check that following owner names works. In this case, we are best off storing all NSECs
      # in a temporary .nsec file, which we can get the OS to sort once we've done the main pass.
      if (@scan_options.follow_nsec_loop)
        add_to_nsec_file(line)
      end
    end