Document how rate limiting uses DNS cookies.
The reference manual gives the impression that rate limiting ignores DNS cookies. My experiments show that clients that support DNS cookies are sent server cookies instead of truncated responses, and clients that present a valid server cookie are exempted from rate limiting. This is great, but it should be documented.
Here's a patch to document the behaviour as I understand it from my observations. It might be good if someone who knows the code would fact-check this.