2cba24a6d5
This test asserts that option "deny-answer-aliases" works correctly
when forwarding requests.
As a matter of example, the behavior expected for a forwarder BIND
instance, having an option such as deny-answer-aliases { "domain"; }
is that when forwarding a request for *.anything-but-domain, it is
expected that it will return SERVFAIL if any answer received has a CNAME
for "*.domain".
(cherry picked from commit 9bdb960a16a69997b08746e698b6b02c8dc6c795)
63 lines
1.1 KiB
Plaintext
63 lines
1.1 KiB
Plaintext
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
options {
|
|
query-source address 10.53.0.4;
|
|
notify-source 10.53.0.4;
|
|
transfer-source 10.53.0.4;
|
|
port @PORT@;
|
|
pid-file "named.pid";
|
|
listen-on { 10.53.0.4; };
|
|
listen-on-v6 { none; };
|
|
recursion yes;
|
|
dnssec-validation yes;
|
|
minimal-responses yes;
|
|
};
|
|
|
|
zone "." {
|
|
type hint;
|
|
file "root.db";
|
|
};
|
|
|
|
zone "example1." {
|
|
type forward;
|
|
forward first;
|
|
forwarders { 10.53.0.2; };
|
|
};
|
|
|
|
zone "example3." {
|
|
type forward;
|
|
forwarders { 10.53.0.2; };
|
|
};
|
|
|
|
zone "example5." {
|
|
type forward;
|
|
forward only;
|
|
forwarders { 10.53.0.2; };
|
|
};
|
|
|
|
zone "1.0.10.in-addr.arpa" {
|
|
type forward;
|
|
forward only;
|
|
forwarders { 10.53.0.2; };
|
|
};
|
|
|
|
zone "grafted" {
|
|
type forward;
|
|
forward only;
|
|
forwarders { 10.53.0.2; };
|
|
};
|
|
|
|
zone "malicious." {
|
|
type master;
|
|
file "malicious.db";
|
|
};
|