arm: Add an explanation on the effect of 'require-server-cookie yes;'

(cherry picked from commit c6f91f8bd0)
This commit is contained in:
Brian Conry
2019-10-31 09:09:05 -05:00
committed by Ondřej Surý
parent bcb9fca00c
commit 30ccde7cdc
+5 -1
View File
@@ -6046,7 +6046,11 @@ options {
Set this to <userinput>yes</userinput> to test that DNS
COOKIE clients correctly handle BADCOOKIE or if you are
getting a lot of forged DNS requests with DNS COOKIES
present.
present. Setting this to <userinput>yes</userinput> will
result in reduced amplification effect in a reflection
attack, as the BADCOOKIE response will be smaller than
a full response, while also requiring a legitimate client
to follow up with a second query with the new, valid, cookie.
</para>
</listitem>
</varlistentry>