
[CVE-2021-25220] Add tests for forwarder cache poisoning scenarios

Michal Nowak requested to merge 2950-cache-acceptance-rules-test into main
  • Check that an NS in an authority section returned from a forwarder which is above the name in a configured "forward first" or "forward only" zone (i.e., net/NS in a response from a forwarder configured for local.net) is not cached.
  • Test that a DNAME for a parent domain will not be cached when sent in a response from a forwarder configured to answer for a child.
  • Check that glue is rejected if its name falls below that of a zone configured locally.
  • Check that extra out-of-bailiwick data in the answer section is not cached (this was already working correctly, but was not explicitly tested before).

Closes #2950 (closed)
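
A simplified model of the rejection cases listed in the description above, added here as an illustration; it is not code from this merge request or from BIND. The `RR` tuple, the function names and the sample names other than `net` and `local.net` are assumptions, and the model treats a name equal to a local zone the same as one below it.

```python
# Simplified model of the cache acceptance cases listed above.
# Not BIND's implementation; RR, the function names and the sample
# response are constructed for illustration.
from typing import NamedTuple

class RR(NamedTuple):
    section: str  # "answer", "authority" or "additional"
    owner: str
    rtype: str

def labels(name):
    """Lower-cased labels, root-most first: 'ns.local.net.' -> net, local, ns."""
    return [l for l in name.lower().rstrip(".").split(".") if l][::-1]

def at_or_below(name, zone):
    """Label-wise subdomain test; a plain string suffix test would wrongly
    treat 'notlocal.net' as being inside 'local.net'."""
    n, z = labels(name), labels(zone)
    return n[:len(z)] == z

def cacheable(rr, forward_zone, local_zones=()):
    # NS or DNAME at a parent of the forward zone, and any other owner
    # name outside it, is out of bailiwick for this forwarder.
    if not at_or_below(rr.owner, forward_zone):
        return False
    # Glue whose name is at or under a locally configured zone is rejected.
    if rr.section == "additional" and any(
            at_or_below(rr.owner, z) for z in local_zones):
        return False
    return True

def filter_response(records, forward_zone, local_zones=()):
    """Return only the records this model would allow into the cache."""
    return [r for r in records if cacheable(r, forward_zone, local_zones)]

# Constructed response from a forwarder configured for local.net,
# with sub.local.net configured locally.
SAMPLE = [
    RR("answer", "www.local.net", "A"),
    RR("answer", "www.example.org", "A"),
    RR("answer", "net", "DNAME"),
    RR("authority", "net", "NS"),
    RR("additional", "ns.sub.local.net", "A"),
    RR("additional", "www.notlocal.net", "A"),
]

if __name__ == "__main__":
    for rr in filter_response(SAMPLE, "local.net", ["sub.local.net"]):
        print(rr)
```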
