Un-deprecate the answer-cookie option

CHANGES

+4983.	[cleanup]	Remove the deprecated flag from "answer-cookie";
+			it will be allowed to persist into 9.13. [GL #275].
+
 4982.	[cleanup]	Return FORMERR if the question section is empty
 			and no COOKIE option is present; this restores
 			older behavior except in the newly specified

doc/arm/Bv9ARM-book.xml

@@ -6183,19 +6183,16 @@ options {
 		  options level, not per-view.
 		</para>
 		<para>
-		  <command>answer-cookie</command> is only available
-		  as a temporary measure, for use when
-		  <command>named</command> shares an IP address
-		  with other servers that do not yet support DNS
-		  COOKIE.  A mismatch between servers on the same
-		  address is not expected to cause operational
-		  problems, but the option to disable COOKIE responses
-		  so that all servers have the same behavior is
-		  provided out of an abundance of caution. DNS COOKIE
-		  is an important security mechanism and should not be
-		  disabled unless absolutely necessary.  The
-		  <command>answer-cookie</command> option is obsolete
-		  as of BIND 9.13.
+		  <command>answer-cookie no</command> is only intended as a
+		  temporary measure, for use when <command>named</command>
+		  shares an IP address with other servers that do not yet
+		  support DNS COOKIE.  A mismatch between servers on the
+		  same address is not expected to cause operational
+		  problems, but the option to disable COOKIE responses so
+		  that all servers have the same behavior is provided out
+		  of an abundance of caution. DNS COOKIE is an important
+		  security mechanism, and should not be disabled unless
+		  absolutely necessary.
 		</para>
 	      </listitem>
 	    </varlistentry>

doc/arm/notes.xml

@@ -118,8 +118,7 @@
 	  servers have the same behavior is provided out of an
 	  abundance of caution. DNS COOKIE is an important security
 	  mechanism and should not be disabled unless absolutely
-	  necessary.  The <command>answer-cookie</command> option
-	  is obsolete as of BIND 9.13.
+	  necessary.
 	</para>
       </listitem>
     </itemizedlist>
@@ -135,6 +134,26 @@
 	  using (now obsolete) idnkit-1 library.
 	</para>
       </listitem>
+      <listitem>
+	<para>
+	  Add the ability to not return a DNS COOKIE option when one
+	  is present in the request.  To prevent a cookie being returned
+	  add <command>answer-cookie no;</command> to
+	  <filename>named.conf</filename>. [GL #173]
+	</para>
+	<para>
+	  <command>answer-cookie no</command> is only intended as a
+	  temporary measure, for use when <command>named</command>
+	  shares an IP address with other servers that do not yet
+	  support DNS COOKIE.  A mismatch between servers on the
+	  same address is not expected to cause operational problems,
+	  but the option to disable COOKIE responses so that all
+	  servers have the same behavior is provided out of an
+	  abundance of caution. DNS COOKIE is an important security
+	  mechanism, and should not be disabled unless absolutely
+	  necessary.
+	</para>
+      </listitem>
     </itemizedlist>
   </section>
 

lib/isccfg/namedconf.c

@@ -1024,7 +1024,7 @@ static cfg_type_t cfg_type_fstrm_model = {
  */
 static cfg_clausedef_t
 options_clauses[] = {
-	{ "answer-cookie", &cfg_type_boolean, CFG_CLAUSEFLAG_DEPRECATED },
+	{ "answer-cookie", &cfg_type_boolean, 0 },
 	{ "automatic-interface-scan", &cfg_type_boolean, 0 },
 	{ "avoid-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
 	{ "avoid-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },