Update ARM documentation

(cherry picked from commit b5265a8cfa8ed1818f2ea1ccbe2d2c66bbe0e431)

diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index f1a3d65e43e6456acc3755852051e7db32b7b481..37513b98c7e44848614ae847dbd61af51f699c2c 100644 (file)
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -6171,6 +6171,35 @@ options {
              </listitem>
            </varlistentry>
 
+           <varlistentry>
+             <term><command>answer-cookie</command></term>
+             <listitem>
+               <para>
+                 When set to the default value of <userinput>yes</userinput>,
+                 COOKIE EDNS options will be sent when applicable in
+                 replies to client queries. If set to
+                 <userinput>no</userinput>, COOKIE EDNS options will not
+                 be sent in replies.  This can only be set at the global
+                 options level, not per-view.
+               </para>
+               <para>
+                 <command>answer-cookie</command> is only available
+                 as a temporary measure, for use when
+                 <command>named</command> shares an IP address
+                 with other servers that do not yet support DNS
+                 COOKIE.  A mismatch between servers on the same
+                 address is not expected to cause operational
+                 problems, but the option to disable COOKIE responses
+                 so that all servers have the same behavior is
+                 provided out of an abundance of caution. DNS COOKIE
+                 is an important security mechanism and should not be
+                 disabled unless absolutely necessary.  The
+                 <command>answer-cookie</command> option is obsolete
+                 as of BIND 9.13.
+               </para>
+             </listitem>
+           </varlistentry>
+
            <varlistentry>
              <term><command>send-cookie</command></term>
              <listitem>