From cf66e748635a8c1611a2728fefe9dc499495f70a Mon Sep 17 00:00:00 2001
From: "Jeremy C. Reed" <jreed@isc.org>
Date: Mon, 11 Aug 2014 20:29:57 +0000
Subject: [PATCH] modify warning about abuse of the dhcp-ddns server

discussed little on jabber.
I opened a new ticket to fix code to at #3514
---
 doc/guide/ddns.xml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/doc/guide/ddns.xml b/doc/guide/ddns.xml
index 5ebaf365f9..7c5994e834 100644
--- a/doc/guide/ddns.xml
+++ b/doc/guide/ddns.xml
@@ -168,14 +168,15 @@
 	</para>
 	<warning>
 	  <simpara>
-	    When the DHCP-DDNS server is configured to listen at an address
-	    other than the loopback address (127.0.0.1 or ::1), it is possible
-	    for a malicious attacker to send bogus NameChangeRequests to it
-	    and change entries in the DNS. For this reason, addresses other
-	    than the IPv4 or IPv6 loopback addresses should only be used
-	    for testing purposes. A future version of Kea will implement
+	    It is possible for a malicious attacker to send bogus
+	    NameChangeRequests to the DHCP-DDNS server.  Addresses
+	    other than the IPv4 or IPv6 loopback addresses (127.0.0.1
+	    or ::1) should only be used for testing purposes, but
+	    note that local users may still communicate with the
+	    DHCP-DDNS server.  A future version of Kea will implement
 	    authentication to guard against such attacks.
 	  </simpara>
+<!-- see ticket #3514 -->
 	</warning>
 <note>
 <simpara>
-- 
2.47.2