diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index 84ee7a3298..ddab718b3e 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -730,7 +730,7 @@ zone "eng.example.com" { keyname [view]

- Delete a given TKEY-negotated key from the server. + Delete a given TKEY-negotiated key from the server. (This does not apply to statically configured TSIG keys.)

diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 8943d705e6..d25d2fce33 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -3468,7 +3468,7 @@ options {

If break-dnssec, - then AAAA records are deleted even when dnssec is enabled. + then AAAA records are deleted even when DNSSEC is enabled. As suggested by the name, this makes the response not verify, because the DNSSEC protocol is designed detect deletions.

@@ -3496,7 +3496,7 @@ options {
filter-aaaa-on-v6

Identical to filter-aaaa-on-v4, - excppt it filters AAAA responses to queries from IPv6 + except it filters AAAA responses to queries from IPv6 clients instead of IPv4 clients. To filter all responses, set both options to yes.

@@ -7556,7 +7556,7 @@ example.com. NS ns2.example.net.

If yes, this enables "bump in the wire" signing of a zone, where a - unsigned zone is transfered in or loaded from + unsigned zone is transferred in or loaded from disk and a signed version of the zone is served, with possibly, a different serial number. This behaviour is disabled by default.