mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-09-01 15:05:23 +00:00
committed by
Evan Hunt
parent
a60cef9dec
commit
8c98e7abfe
@@ -6104,10 +6104,25 @@ options {
|
|||||||
<term><command>answer-cookie</command></term>
|
<term><command>answer-cookie</command></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<emphasis>This option is obsolete</emphasis>.
|
When set to the default value of <userinput>yes</userinput>,
|
||||||
This option was used to prevent the sending of
|
COOKIE EDNS options will be sent when applicable in
|
||||||
a DNS COOKIE option in response to a request with
|
replies to client queries. If set to
|
||||||
one present in BIND 9.11 and BIND 9.12.
|
<userinput>no</userinput>, COOKIE EDNS options will not
|
||||||
|
be sent in replies. This can only be set at the global
|
||||||
|
options level, not per-view.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<command>answer-cookie</command> is only available
|
||||||
|
as a temporary measure, for use when
|
||||||
|
<command>named</command> shares an IP address
|
||||||
|
with other servers that do not yet support DNS
|
||||||
|
COOKIE. A mismatch between servers on the same
|
||||||
|
address is not expected to cause operational
|
||||||
|
problems, but the option to disable COOKIE responses
|
||||||
|
so that all servers have the same behavior is
|
||||||
|
provided out of an abundance of caution. DNS COOKIE
|
||||||
|
is an important security mechanism and should not be
|
||||||
|
disabled unless absolutely necessary.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
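Review bot: In the first added <para>, "COOKIE EDNS options will be sent when applicable" is vaguer than the removed wording, which tied the response cookie to "a request with one present". Suggest keeping that condition, for example "will be sent in replies to client queries that contain a COOKIE option". The second added <para> calls the option "a temporary measure" but gives no indication of when it is expected to go away, and the removed reference to BIND 9.11 and BIND 9.12 is lost, so a reader cannot tell which releases the text applies to. Since the paragraph itself says DNS COOKIE "is an important security mechanism", it would also help to state in one sentence what protection is given up when the option is set to <userinput>no</userinput>.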