diff --git a/bin/tests/system/bailiwick/ans2/ans.py b/bin/tests/system/bailiwick/ans2/ans.py
index d1627fd5bd..1a9be3d931 100644
--- a/bin/tests/system/bailiwick/ans2/ans.py
+++ b/bin/tests/system/bailiwick/ans2/ans.py
@@ -77,6 +77,31 @@ class ParentGlueSpoofer(ResponseSpoofer, mode="parent-glue"):
         yield DnsResponseSend(response, authoritative=False)
 
 
+class DnameSpoofer(ResponseSpoofer, mode="dname"):
+
+    qname = "trigger.victim."
+
+    async def get_responses(
+        self, qctx: QueryContext
+    ) -> AsyncGenerator[ResponseAction, None]:
+        response = qctx.prepare_new_response(with_zone_data=False)
+
+        cname_rrset = dns.rrset.from_text(
+            qctx.qname,
+            TTL,
+            qctx.qclass,
+            dns.rdatatype.CNAME,
+            "trigger.attacker.",
+        )
+        dname_rrset = dns.rrset.from_text(
+            "victim.", TTL, qctx.qclass, dns.rdatatype.DNAME, "attacker."
+        )
+        response.answer.append(cname_rrset)
+        response.answer.append(dname_rrset)
+
+        yield DnsResponseSend(response, authoritative=True)
+
+
 def main() -> None:
     spoofing_server().run()
 
diff --git a/bin/tests/system/bailiwick/tests_bailiwick.py b/bin/tests/system/bailiwick/tests_bailiwick.py
index 2e1c845a22..7245c71bce 100644
--- a/bin/tests/system/bailiwick/tests_bailiwick.py
+++ b/bin/tests/system/bailiwick/tests_bailiwick.py
@@ -109,3 +109,11 @@ def test_bailiwick_parent_glue(servers: Dict[str, NamedInstance]) -> None:
     time.sleep(61)
 
     check_domain_hijack(ns4)
+
+
+def test_bailiwick_spoofed_dname(servers: Dict[str, NamedInstance]) -> None:
+    set_spoofing_mode(ans1="none", ans2="dname")
+
+    ns4 = servers["ns4"]
+    send_trigger_query(ns4, "trigger.victim.")
+    check_domain_hijack(ns4)