Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
a6887424
Commit
a6887424
authored
Jun 26, 2018
by
Ondřej Surý
Committed by
Evan Hunt
Jun 26, 2018
Browse files
Un-deprecate the answer-cookie option
parent
19f4d840
Pipeline
#2657
passed with stages
in 6 minutes and 8 seconds
Changes
4
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
a6887424
4983. [cleanup] Remove the deprecated flag from "answer-cookie";
it will be allowed to persist into 9.13. [GL #275].
4982. [cleanup] Return FORMERR if the question section is empty
and no COOKIE option is present; this restores
older behavior except in the newly specified
...
...
doc/arm/Bv9ARM-book.xml
View file @
a6887424
...
...
@@ -6183,19 +6183,16 @@ options {
options level, not per-view.
</para>
<para>
<command>answer-cookie</command> is only available
as a temporary measure, for use when
<command>named</command> shares an IP address
with other servers that do not yet support DNS
COOKIE. A mismatch between servers on the same
address is not expected to cause operational
problems, but the option to disable COOKIE responses
so that all servers have the same behavior is
provided out of an abundance of caution. DNS COOKIE
is an important security mechanism and should not be
disabled unless absolutely necessary. The
<command>answer-cookie</command> option is obsolete
as of BIND 9.13.
<command>answer-cookie no</command> is only intended as a
temporary measure, for use when <command>named</command>
shares an IP address with other servers that do not yet
support DNS COOKIE. A mismatch between servers on the
same address is not expected to cause operational
problems, but the option to disable COOKIE responses so
that all servers have the same behavior is provided out
of an abundance of caution. DNS COOKIE is an important
security mechanism, and should not be disabled unless
absolutely necessary.
</para>
</listitem>
</varlistentry>
...
...
doc/arm/notes.xml
View file @
a6887424
...
...
@@ -118,8 +118,7 @@
servers have the same behavior is provided out of an
abundance of caution. DNS COOKIE is an important security
mechanism and should not be disabled unless absolutely
necessary. The
<command>
answer-cookie
</command>
option
is obsolete as of BIND 9.13.
necessary.
</para>
</listitem>
</itemizedlist>
...
...
@@ -135,6 +134,26 @@
using (now obsolete) idnkit-1 library.
</para>
</listitem>
<listitem>
<para>
Add the ability to not return a DNS COOKIE option when one
is present in the request. To prevent a cookie being returned
add
<command>
answer-cookie no;
</command>
to
<filename>
named.conf
</filename>
. [GL #173]
</para>
<para>
<command>
answer-cookie no
</command>
is only intended as a
temporary measure, for use when
<command>
named
</command>
shares an IP address with other servers that do not yet
support DNS COOKIE. A mismatch between servers on the
same address is not expected to cause operational problems,
but the option to disable COOKIE responses so that all
servers have the same behavior is provided out of an
abundance of caution. DNS COOKIE is an important security
mechanism, and should not be disabled unless absolutely
necessary.
</para>
</listitem>
</itemizedlist>
</section>
...
...
lib/isccfg/namedconf.c
View file @
a6887424
...
...
@@ -1024,7 +1024,7 @@ static cfg_type_t cfg_type_fstrm_model = {
*/
static
cfg_clausedef_t
options_clauses
[]
=
{
{
"answer-cookie"
,
&
cfg_type_boolean
,
CFG_CLAUSEFLAG_DEPRECATED
},
{
"answer-cookie"
,
&
cfg_type_boolean
,
0
},
{
"automatic-interface-scan"
,
&
cfg_type_boolean
,
0
},
{
"avoid-v4-udp-ports"
,
&
cfg_type_bracketed_portlist
,
0
},
{
"avoid-v6-udp-ports"
,
&
cfg_type_bracketed_portlist
,
0
},
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment