Add a answer-cookie named config option

bin/named/config.c

@@ -47,6 +47,7 @@
 /*% default configuration */
 static char defaultconf[] = "\
 options {\n\
+	answer-cookie true;\n\
 	automatic-interface-scan yes;\n\
 	bindkeys-file \"" NAMED_SYSCONFDIR "/bind.keys\";\n\
 #	blackhole {none;};\n"

bin/named/server.c

@@ -8829,6 +8829,11 @@ load_configuration(const char *filename, named_server_t *server,
 		server->flushonshutdown = ISC_FALSE;
 	}
 
+	obj = NULL;
+	result = named_config_get(maps, "answer-cookie", &obj);
+	INSIST(result == ISC_R_SUCCESS);
+	server->sctx->answercookie = cfg_obj_asboolean(obj);
+
 	obj = NULL;
 	result = named_config_get(maps, "cookie-algorithm", &obj);
 	INSIST(result == ISC_R_SUCCESS);

lib/isccfg/namedconf.c

@@ -1027,6 +1027,7 @@ static cfg_type_t cfg_type_fstrm_model = {
  */
 static cfg_clausedef_t
 options_clauses[] = {
+	{ "answer-cookie", &cfg_type_boolean, CFG_CLAUSEFLAG_DEPRECATED },
 	{ "automatic-interface-scan", &cfg_type_boolean, 0 },
 	{ "avoid-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
 	{ "avoid-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },

lib/ns/client.c

@@ -1912,7 +1912,9 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
 	/*
 	 * If we have already seen a cookie option skip this cookie option.
 	 */
-	if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) {
+	if ((!client->sctx->answercookie) ||
+	    (client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0)
+	{
 		isc_buffer_forward(buf, (unsigned int)optlen);
 		return;
 	}

lib/ns/include/ns/server.h

@@ -76,6 +76,7 @@ struct ns_server {
 	unsigned char		secret[32];
 	ns_cookiealg_t		cookiealg;
 	ns_altsecretlist_t	altsecrets;
+	isc_boolean_t		answercookie;
 
 	/*% Quotas */
 	isc_quota_t		recursionquota;

lib/ns/server.c

@@ -104,6 +104,7 @@ ns_server_create(isc_mem_t *mctx, isc_entropy_t *entropy,
 	sctx->gethostname = NULL;
 
 	sctx->matchingview = matchingview;
+	sctx->answercookie = ISC_TRUE;
 
 	ISC_LIST_INIT(sctx->altsecrets);