[CVE-2021-25220] Add tests for forwarder cache poisoning scenarios (!6062) · Merge requests · ISC Open Source Projects / BIND

Check that an NS in an authority section returned from a forwarder which is above the name in a configured "forward first" or "forward only" zone (i.e., net/NS in a response from a forwarder configured for local.net) is not cached.
Test that a DNAME for a parent domain will not be cached when sent in a response from a forwarder configured to answer for a child.
Check that glue is rejected if its name falls below that of zone configured locally.
Check that an extra out-of-bailiwick data in the answer section is not cached (this was already working correctly, but was not explicitly tested before).

[CVE-2021-25220] Add tests for forwarder cache poisoning scenarios