upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-10 21:29:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
bind9/bin/tests/system/dnssec_cname_response
History
Ondřej Surý 358c55ffa2
Add a system test for CNAME answers to DNSSEC meta-type queries 
Two authoritative zones drive the cases. 'example.' answers DNSKEY,
NSEC, NSEC3 and RRSIG queries with a CNAME: a direct recursive query for
one of these must not crash the resolver, and the validator's own DNSKEY
fetch for a signed name must fail as a broken trust chain and return
SERVFAIL promptly.

'secure.' is served faithfully but answers DS queries with an unsigned
CNAME -- the input that drove the validator's insecurity proof into a
self-join.  The resolver must return SERVFAIL within a couple of seconds
instead of stalling for twelve.

Assisted-by: Claude:claude-opus-4-8
2026-05-29 22:01:29 +02:00
..
ans2 Add a system test for CNAME answers to DNSSEC meta-type queries 2026-05-29 22:01:29 +02:00
ns3 Add a system test for CNAME answers to DNSSEC meta-type queries 2026-05-29 22:01:29 +02:00
tests_cname_rejection.py Add a system test for CNAME answers to DNSSEC meta-type queries 2026-05-29 22:01:29 +02:00