Commit c6f91f8b authored by Brian Conry's avatar Brian Conry Committed by Ondřej Surý

arm: Add an explanation on the effect of 'require-server-cookie yes;'

parent c5453ea3
......@@ -6015,7 +6015,11 @@ options {
Set this to <userinput>yes</userinput> to test that DNS
COOKIE clients correctly handle BADCOOKIE or if you are
getting a lot of forged DNS requests with DNS COOKIES
present.
present. Setting this to <userinput>yes</userinput> will
result in reduced amplification effect in a reflection
attack, as the BADCOOKIE response will be smaller than
a full response, while also requiring a legitimate client
to follow up with a second query with the new, valid, cookie.
</para>
</listitem>
</varlistentry>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment