Commit 30ccde7c authored by Brian Conry's avatar Brian Conry Committed by Ondřej Surý
Browse files

arm: Add an explanation on the effect of 'require-server-cookie yes;'

(cherry picked from commit c6f91f8b)
parent bcb9fca0
......@@ -6046,7 +6046,11 @@ options {
Set this to <userinput>yes</userinput> to test that DNS
COOKIE clients correctly handle BADCOOKIE or if you are
getting a lot of forged DNS requests with DNS COOKIES
present. Setting this to <userinput>yes</userinput> will
result in reduced amplification effect in a reflection
attack, as the BADCOOKIE response will be smaller than
a full response, while also requiring a legitimate client
to follow up with a second query with the new, valid, cookie.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment