From: Ondřej Surý Date: Tue, 26 Jun 2018 09:56:20 +0000 (+0200) Subject: Update CHANGES and doc to reflect changes in master X-Git-Tag: v9.13.2~11^2 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=cc5c3b59487fa04d740b4c87e6ca785ca38815b5;p=thirdparty%2Fbind9.git Update CHANGES and doc to reflect changes in master --- diff --git a/CHANGES b/CHANGES index d6b353b0aed..318c9d32c8f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +4983. [func] Add the ability to not return a DNS COOKIE option + when one is present in the request (answer-cookie no;). + [GL #173] + 4982. [cleanup] Return FORMERR if the question section is empty and no COOKIE option is present; this restores older behavior except in the newly specified @@ -48,9 +52,7 @@ 4967. [cleanup] Add "answer-cookie" to the parser, marked obsolete. -4966. [func] Add the ability to not return a DNS COOKIE option - when one is present in the request (answer-cookie no;). - [GL #173] +4966. [placeholder] 4965. [func] Add support for marking options as deprecated. [GL #322] diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index c5037334eca..9aa63163e9b 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -6112,15 +6112,15 @@ options { options level, not per-view. - answer-cookie is only intended as an - available measure, for use when named + answer-cookie no is intended as a + temporary measure, for use when named shares an IP address with other servers that do not yet support DNS COOKIE. A mismatch between servers on the same - address is not expected to cause operational problems, but the - option to disable COOKIE responses so that all servers have - the same behavior is provided out of an abundance of - caution. DNS COOKIE is an important security mechanism and - should not be disabled unless absolutely necessary. + address is not expected to cause operational problems, but + the option to disable COOKIE responses so that all servers + have the same behavior is provided out of an abundance of + caution. DNS COOKIE is an important security mechanism, + and should not be disabled unless absolutely necessary. diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 8efcdd65646..42e724fa1d9 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -208,13 +208,13 @@ add 'answer-cookie no;' to named.conf. [GL #173] - answer-cookie is only intended as an available + answer-cookie is only intended as a temporary measure, for use when named shares an IP address with other servers that do not yet support DNS COOKIE. A mismatch between servers on the same address is not expected to cause operational problems, but the option to disable COOKIE responses so that all servers have the same behavior is provided out of an - abundance of caution. DNS COOKIE is an important security mechanism + abundance of caution. DNS COOKIE is an important security mechanism, and should not be disabled unless absolutely necessary.