[master] fix typos
This commit is contained in:
Evan Hunt
15
CHANGES
15
CHANGES
@@ -15,11 +15,12 @@
|
||||
been adjusted to improve performance. [RT #35417]
|
||||
|
||||
3750. [experimental] Partially implement EDNS EXPIRE option as described
|
||||
in draft-andrews-dnsext-expire-00. Retrivial of
|
||||
remaining time to expiry from slave zones is supported.
|
||||
in draft-andrews-dnsext-expire-00. Retrievial of
|
||||
the remaining time until expiry for slave zones
|
||||
is supported.
|
||||
|
||||
EXPIRE uses an experimental option code (65002) and
|
||||
is subject to change. [RT #35416]
|
||||
EXPIRE uses an experimental option code (65002),
|
||||
which is subject to change. [RT #35416]
|
||||
|
||||
3749. [func] "dig +subnet" sends an EDNS client subnet option
|
||||
containing the specified address/prefix when
|
||||
@@ -49,9 +50,9 @@
|
||||
spoofed responses and for servers to identify
|
||||
legitimate clients.
|
||||
|
||||
SIT uses an experimental EDNS option code (65001).
|
||||
[This will be changed to a IANA assigned value if
|
||||
the experiment is deemed a success.]
|
||||
SIT uses an experimental EDNS option code (65001),
|
||||
which will be changed to an an IANA-assigned value
|
||||
if the experiment is deemed a success.
|
||||
|
||||
SIT can be enabled via "configure --enable-sit" (or
|
||||
--enable-developer). It is enabled by default in
|
||||
|
||||
@@ -6264,12 +6264,12 @@ options {
|
||||
If <userinput>yes</userinput>, then a SIT (Source Identity
|
||||
Token) EDNS option is sent along with the query. If the
|
||||
resolver has previously talked to the server, the SIT
|
||||
returned in the previous transaction is sent. This
|
||||
returned in the previous transaction is sent. This
|
||||
is used by the server to determine whether the resolver
|
||||
has talked to it before. A resolver sending the corret
|
||||
has talked to it before. A resolver sending the correct
|
||||
SIT is assumed not to be an off-path attacker sending a
|
||||
spoofed-source query; the query is therefore unlikely to
|
||||
be part of a reflection/amplification attack: resolvers
|
||||
be part of a reflection/amplification attack, so resolvers
|
||||
sending a correct SIT option are not subject to response
|
||||
rate limiting (RRL). Resolvers which do not send a correct
|
||||
SIT option may be limited to receiving smaller responses
|
||||
@@ -6282,7 +6282,7 @@ options {
|
||||
<para>
|
||||
If set, this is a shared secret used for generating and
|
||||
verifying Source Identity Token EDNS options within a
|
||||
anycast cluster. If not set the system will generation
|
||||
anycast cluster. If not set the system will generate
|
||||
a random secret at startup.
|
||||
</para>
|
||||
</varlistentry>
|
||||
@@ -10386,7 +10386,7 @@ rate-limit {
|
||||
|
||||
<para>
|
||||
The <command>nosit-udp-size</command> option sets the
|
||||
maximum size of udp responses that will be sent to
|
||||
maximum size of UDP responses that will be sent to
|
||||
queries without a valid source identity token. The command
|
||||
<command>max-udp-size</command> option may further limit
|
||||
the response size.
|
||||
|
||||
Reference in New Issue
Block a user