# File ../../auditor/lib/kasp_auditor/partial_auditor.rb, line 62
    def check_zone(config, unsigned_file, signed_file, enforcer_interval)
      # Run quick checks on the zone.
      # These include :
      #   a) Checking if the number of non-DNSSEC records is the same
      #   b) Checking details of some records as we go
      #
      #  So, we can look out for the interesting records as we go, and only bother
      #  to parse them. Of course, we also need to store some somewhere so we can
      #  compare them after - this could be in memory (if there are few) or in a file
      #  if there are many. We'll need at least those records at the zone apex.
      #
      @num_output_lines = 0
      pid = Process.pid
      temp_unsigned_file = (@working + File::SEPARATOR + File.basename(unsigned_file) + ".#{pid}").untaint
      temp_signed_file = (@working + File::SEPARATOR + File.basename(signed_file) + ".#{pid}").untaint
      temp_keys_file = (@working + File::SEPARATOR + File.basename(signed_file) + ".keys.#{pid}").untaint
      temp_unsigned_keys_file = (@working + File::SEPARATOR + File.basename(signed_file) + ".unsigned.keys.#{pid}").untaint
      @nsec_temp_file = (@working + File::SEPARATOR + File.basename(signed_file) + ".nsec.#{pid}").untaint
      domain_file = (@working + File::SEPARATOR + File.basename(signed_file) + ".domains.#{pid}").untaint
      # Set up a buffer for writing the NSEC records to
      @nsec_buffer = []
      # Remember to flush the buffer when the scan is complete!
      begin # Make sure we delete the temp files afterwards
        @ret_val = 999
        set_config(config)
        @keys = []
        @keys_original = []

        @soa = nil
        @enforcer_interval=enforcer_interval
        @keys_used = []
        @domain_list = []
        log(LOG_INFO, "Auditing #{@config.name} zone : #{@config.denial.nsec ? 'NSEC' : 'NSEC3'} SIGNED")

        # Load the stored key history from previous runs
        @key_tracker = KeyTracker.new(@working, @config.name, self, @config, @enforcer_interval, @config.signatures.validity.default)
        @key_cache = @key_tracker.load_tracker_cache

        # Work out what we need to check about this zone, and thus what we
        # should be looking for as we run through the input files.
        @scan_options = get_scan_options

        types_to_find = {"DNSKEY" => lambda {|split| do_basic_dnskey_checks(split)},
          #        "SOA" => lambda {|split| do_basic_soa_checks(split)},
          "RRSIG" => lambda {|split| do_basic_rrsig_checks(split)}}
        types_to_find["NSEC"]=lambda{|split| do_basic_nsec_checks(split)} # if @scan_options.nsec
        types_to_find["NSEC3"]=lambda{|split| do_basic_nsec3_checks(split)} # if @scan_options.nsec3
        types_to_find["NSEC3PARAM"]=lambda{|split| do_basic_nsec3param_checks(split)} # if @scan_options.nsec3param
        # Remember that TYPE may be either "DNSKEY" or "TYPE46" - but the ods-signer will always write DNSKEY

        if (@scan_options.num_domains)
          load_domains((signed_file.to_s + "").untaint)
        end

        #
        # Start scanning through the output file to make sure that it looks good
        # Also start scanning through the input file to pick out the interesting records

        begin
          pids=[]
          srd, swr = IO.pipe
          new_pid = fork {signed_scanner = SignedZoneScanner.new(self, config, types_to_find)
            begin
              srd.close
              @ret_val = 999
              rr_count, soa = signed_scanner.scan_signed_file(signed_file, domain_file)
              store_keys_and_keys_used(temp_keys_file)
              flush_nsec_buffer
              swr.write("#{@ret_val}\n")
              swr.write("#{rr_count}\n")
              swr.write("#{soa}\n")
              swr.close
            rescue Exception => e
              print e.backtrace
              raise e
            end
          }
          swr.close
          pids.push(new_pid)
          urd, uwr = IO.pipe
          new_pid = fork {
            urd.close
            @ret_val = 999
            unsigned_scanner = UnsignedZoneScanner.new(self, config)
            rr_count, soa = unsigned_scanner.scan_unsigned_file(unsigned_file, temp_unsigned_file)
            unsigned_scanner.store_unsigned_keys(self, temp_unsigned_keys_file)
            uwr.write("#{@ret_val}\n")
            uwr.write("#{rr_count}\n")
            uwr.write("#{soa}\n")
            uwr.close
          }
          uwr.close
          pids.push(new_pid)
          unsigned_ret_val_string = urd.readline()
          rr_count_string = urd.readline()
          soa_line = urd.readline()
          unsigned_ret_val = unsigned_ret_val_string.split()[0].to_i
          unsigned_soa = RR.create(soa_line)
          unsigned_rr_count = rr_count_string.to_i
          urd.close
          signed_ret_val = srd.readline().split()[0].to_i
          rr_count_string = srd.readline()
          soa_line = srd.readline()
          signed_rr_count = rr_count_string.to_i
          signed_soa = RR.create(soa_line)
          srd.close
          pids.each {|id|
            ret_id, ret_status = Process.wait2(id)
            if (ret_status != 0)
              @syslog.log(LOG_ERR, "Error auditing files (#{unsigned_file} and #{signed_file}) : ERR #{ret_status}")
              return ret_status
            end
          }
        ensure
        end
        #      load_soa(temp_unsigned_file)
        # SOA checks of signed against unsigned SOAs
        compare_soas(unsigned_soa, signed_soa)
        @soa = signed_soa
        load_keys_and_keys_used(temp_keys_file)
        unsigned_keys = load_unsigned_keys(temp_unsigned_keys_file)
        Auditor.check_key_config(@keys_original, unsigned_keys, @key_cache, @config, self)
        found_sep = false
        found_non_sep = false
        @keys.each {|key|
          if (@keys_used.include?key.key_tag)
            if (key.sep_key?)
              found_sep = true
            else
              found_non_sep = true
            end
          end
        }
        if (!found_sep)
          log(LOG_ERR, "No SEP DNSKEY found in use")
        end
        if (!found_non_sep)
          log(LOG_ERR, "No non-SEP DNSKEY found in use")
        end
        if (@scan_options.follow_nsec_loop)
          # Then, we can quickly scan through the .nsec file to make sure that they form a single closed loop.
          check_nsec_loop
        end
        #      print  "#{unsigned_rr_count} unsigned RRs found\n"
        #      print  "#{signed_rr_count} signed RRs found\n"
        if (unsigned_rr_count != signed_rr_count)
          # Remember to only count non-DNSSEC records here!
          # @TODO@ What about DNSSEC records in the input zone?
          log(LOG_WARNING, "Number of non-DNSSEC resource records differs : #{unsigned_rr_count} in #{unsigned_file}, and #{signed_rr_count} in #{signed_file}")
        end
        update_key_stores
        log(LOG_INFO, "Finished auditing #{@soa.name} zone")
        @ret_val = [@ret_val, unsigned_ret_val, signed_ret_val].min
        if (@ret_val == 999)
          return 0
        else
          return @ret_val
        end
      ensure # Make sure we always delete these files
        # @TODO@ Need to wait for both PIDs to finish, then close and delete the files before returning
        delete(temp_keys_file)
        delete(temp_unsigned_keys_file)
        delete(temp_signed_file)
        delete(temp_unsigned_file)
        delete(@nsec_temp_file)
        delete(domain_file)
      end
    end