Add test for the proposed fix
This test asserts that option "deny-answer-aliases" works correctly
when forwarding requests.
As a matter of example, the behavior expected for a forwarder BIND
instance, having an option such as deny-answer-aliases { "domain"; }
is that when forwarding a request for *.anything-but-domain, it is
expected that it will return SERVFAIL if any answer received has a CNAME
for "*.domain".
(cherry picked from commit 9bdb960a16a69997b08746e698b6b02c8dc6c795)
This commit is contained in:
Diego Fronza
committed by
Ondřej Surý
Ondřej Surý
parent
bba353d512
commit
2cba24a6d5
13
bin/tests/system/forward/ns5/rebind.db
Normal file
13
bin/tests/system/forward/ns5/rebind.db
Normal file
@@ -0,0 +1,13 @@
|
||||
$TTL 86400
|
||||
@ IN SOA rebind. admin.rebind. (
|
||||
1 ; Serial
|
||||
604800 ; Refresh
|
||||
86400 ; Retry
|
||||
2419200 ; Expire
|
||||
86400 ) ; Negative Cache TTL
|
||||
|
||||
@ IN NS ns
|
||||
|
||||
ns IN A 10.53.0.5
|
||||
|
||||
subdomain IN A 10.53.0.1
|
||||
Reference in New Issue
Block a user