2828. [security] Cached CNAME or DNAME RR could be returned to clients

without DNSSEC validation. [RT #20737]

9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)

bin/tests/system/dnssec/ns2/example.db.in

@@ -13,7 +13,7 @@
 ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 ; PERFORMANCE OF THIS SOFTWARE.
 
-; $Id: example.db.in,v 1.21 2009/10/27 23:47:44 tbox Exp $
+; $Id: example.db.in,v 1.22 2009/12/30 08:02:22 jinmei Exp $
 
 $TTL 300	; 5 minutes
 @			IN SOA	mname1. . (
@@ -36,6 +36,9 @@ d			A	10.0.0.4
 foo			TXT	"testing"
 foo			A	10.0.1.0
 
+bad-cname		CNAME   a
+bad-dname		DNAME   @
+
 ; Used for testing CNAME queries
 cname1			CNAME	cname1-target
 cname1-target		TXT	"testing cname"