diff --git a/bin/tests/system/resolver/ans3/ans.pl b/bin/tests/system/resolver/ans3/ans.pl
index 893c9ed8d5..880848e9c2 100644
--- a/bin/tests/system/resolver/ans3/ans.pl
+++ b/bin/tests/system/resolver/ans3/ans.pl
@@ -102,6 +102,9 @@ sub handleQuery {
 		$packet->push("answer",
 			      new Net::DNS::RR($qname .
 				       " 300 CNAME goodcname.example.org"));
+	} elsif ($qname =~ /^longcname/) {
+		$cname = $qname =~ s/longcname/longcnamex/r;
+		$packet->push("answer", new Net::DNS::RR($qname . " 300 CNAME " . $cname));
 	} elsif ($qname =~ /^nodata\.example\.net$/i) {
 		$packet->header->aa(1);
 	} elsif ($qname =~ /^nxdomain\.example\.net$/i) {
diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
index 0296ad6413..83e0ed404c 100755
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@@ -222,6 +222,17 @@ if [ -x "${RESOLVE}" ]; then
   status=$((status + ret))
 fi
 
+n=$((n + 1))
+echo_i "checking long CNAME chain target filtering (deny) ($n)"
+ret=0
+dig_with_opts +tcp longcname1.example.net @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep -F "status: SERVFAIL" dig.out.ns1.test${n} >/dev/null || ret=1
+grep -F "max. restarts reached" dig.out.ns1.test${n} >/dev/null || ret=1
+lines=$(grep -F "CNAME" dig.out.ns1.test${n} | wc -l)
+test ${lines:-1} -eq 17 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 n=$((n + 1))
 echo_i "checking DNAME target filtering (deny) ($n)"
 ret=0