Commit 5f7a6232 authored by Mark Andrews's avatar Mark Andrews

add CHANGES and release notes

parent b5265a8c
Pipeline #2257 passed with stages
in 6 minutes and 15 seconds
4966. [func] Add the ability to not return a DNS COOKIE option
when one is present in the request (answer-cookie no;).
[GL #173]
4965. [func] Add support for marking options as deprecated.
[GL #322]
......
......@@ -77,6 +77,26 @@
'root-key-sentinel no;' to named.conf. [GL #37]
</para>
</listitem>
<listitem>
<para>
Add the ability to not return a DNS COOKIE option when one
is present in the request. To prevent a cookie being returned
add 'answer-cookie no;' to named.conf. [GL #173]
</para>
<para>
<command>answer-cookie</command> is only available as a
temporary measure, for use when <command>named</command>
shares an IP address with other servers that do not yet
support DNS COOKIE. A mismatch between servers on the
same address is not expected to cause operational problems,
but the option to disable COOKIE responses so that all
servers have the same behavior is provided out of an
abundance of caution. DNS COOKIE is an important security
mechanism and should not be disabled unless absolutely
necessary. The <command>answer-cookie</command> option
is obsolete as of BIND 9.13.
</para>
</listitem>
</itemizedlist>
</section>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment