Commit cc5c3b59 authored by Ondřej Surý's avatar Ondřej Surý Committed by Evan Hunt
Browse files

Update CHANGES and doc to reflect changes in master

parent 379d4077
Pipeline #2655 passed with stages
in 8 minutes and 17 seconds
4983. [func] Add the ability to not return a DNS COOKIE option
when one is present in the request (answer-cookie no;).
[GL #173]
4982. [cleanup] Return FORMERR if the question section is empty
and no COOKIE option is present; this restores
older behavior except in the newly specified
......@@ -48,9 +52,7 @@
 
4967. [cleanup] Add "answer-cookie" to the parser, marked obsolete.
 
4966. [func] Add the ability to not return a DNS COOKIE option
when one is present in the request (answer-cookie no;).
[GL #173]
4966. [placeholder]
 
4965. [func] Add support for marking options as deprecated.
[GL #322]
......
......@@ -6112,15 +6112,15 @@ options {
options level, not per-view.
</para>
<para>
<command>answer-cookie</command> is only intended as an
available measure, for use when <command>named</command>
<command>answer-cookie no</command> is intended as a
temporary measure, for use when <command>named</command>
shares an IP address with other servers that do not yet
support DNS COOKIE. A mismatch between servers on the same
address is not expected to cause operational problems, but the
option to disable COOKIE responses so that all servers have
the same behavior is provided out of an abundance of
caution. DNS COOKIE is an important security mechanism and
should not be disabled unless absolutely necessary.
address is not expected to cause operational problems, but
the option to disable COOKIE responses so that all servers
have the same behavior is provided out of an abundance of
caution. DNS COOKIE is an important security mechanism,
and should not be disabled unless absolutely necessary.
</para>
</listitem>
</varlistentry>
......
......@@ -208,13 +208,13 @@
add 'answer-cookie no;' to named.conf. [GL #173]
</para>
<para>
<command>answer-cookie</command> is only intended as an available
<command>answer-cookie</command> is only intended as a temporary
measure, for use when <command>named</command> shares an IP address
with other servers that do not yet support DNS COOKIE. A mismatch
between servers on the same address is not expected to cause
operational problems, but the option to disable COOKIE responses so
that all servers have the same behavior is provided out of an
abundance of caution. DNS COOKIE is an important security mechanism
abundance of caution. DNS COOKIE is an important security mechanism,
and should not be disabled unless absolutely necessary.
</para>
</listitem>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment