diff --git a/bin/delv/delv.1 b/bin/delv/delv.1 index d4cde7334a..ae643c922b 100644 --- a/bin/delv/delv.1 +++ b/bin/delv/delv.1 @@ -63,7 +63,7 @@ is a tool for sending DNS queries and validating the results, using the same int \fBdelv\fR will send to a specified name server all queries needed to fetch and validate the requested data; this includes the original requested query, subsequent queries to follow CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records to establish a chain of trust for DNSSEC validation\&. It does not perform iterative resolution, but simulates the behavior of a name server configured for DNSSEC validating and forwarding\&. .PP -By default, responses are validated using built\-in DNSSEC trust anchors for the root zone ("\&.") and for the ISC DNSSEC lookaside validation zone ("dlv\&.isc\&.org")\&. Records returned by +By default, responses are validated using built\-in DNSSEC trust anchor for the root zone ("\&.")\&. Records returned by \fBdelv\fR are either fully validated or were not signed\&. If validation fails, an explanation of the failure is included in the output; the validation process can be traced in detail\&. Because \fBdelv\fR 
@@ -143,13 +143,13 @@ will perform a lookup for an A record\&. Specifies a file from which to read DNSSEC trust anchors\&. The default is /etc/bind\&.keys, which is included with BIND -9 and contains trust anchors for the root zone ("\&.") and for the ISC DNSSEC lookaside validation zone ("dlv\&.isc\&.org")\&. +9 and contains one or more trust anchors for the root zone ("\&.")\&. .sp -Keys that do not match the root or DLV trust\-anchor names are ignored; these key names can be overridden using the -\fB+dlv=NAME\fR -or +Keys that do not match the root zone name are ignored\&. An alternate key name can be specified using the \fB+root=NAME\fR -options\&. +options\&. DNSSEC Lookaside Validation can also be turned on by using the +\fB+dlv=NAME\fR +to specify the name of a zone containing DLV records\&. .sp Note: When reading the trust anchor file, \fBdelv\fR @@ -412,9 +412,9 @@ must be used to specify a file containing the key\&. .PP \fB+[no]dlv[=DLV]\fR .RS 4 -Indicates whether to perform DNSSEC lookaside validation, and if so, specifies the name of the DLV trust anchor\&. The default is to perform lookaside validation using a trust anchor of "dlv\&.isc\&.org", for which there is a built\-in key\&. If specifying a different name, then +Indicates whether to perform DNSSEC lookaside validation, and if so, specifies the name of the DLV trust anchor\&. The \fB\-a\fR -must be used to specify a file containing the DLV key\&. +option must also be used to specify a file containing the DLV key\&. .RE .SH "FILES" .PP diff --git a/bin/delv/delv.html b/bin/delv/delv.html index 06b814dbfb..bb02d8171d 100644 --- a/bin/delv/delv.html +++ b/bin/delv/delv.html @@ -99,8 +99,7 @@
By default, responses are validated using built-in DNSSEC trust
- anchors for the root zone (".") and for the ISC DNSSEC lookaside
- validation zone ("dlv.isc.org"). Records returned by
+ anchor for the root zone ("."). Records returned by
delv are either fully validated or
were not signed. If validation fails, an explanation of
the failure is included in the output; the validation process
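Review bot: The added line `anchor for the root zone ("."). Records returned by` leaves the sentence reading "using built-in DNSSEC trust anchor", which lost its article when the plural was dropped; the delv.1 hunk at -63 carries the same wording. Suggest "using a built-in DNSSEC trust anchor for the root zone", or keep the plural "anchors" so it agrees with the -a description later in this patch, which says the key file contains "one or more trust anchors for the root zone".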
@@ -197,14 +196,15 @@
Specifies a file from which to read DNSSEC trust anchors.
The default is /etc/bind.keys, which
is included with BIND 9 and contains
- trust anchors for the root zone (".") and for the ISC
- DNSSEC lookaside validation zone ("dlv.isc.org").
+ one or more trust anchors for the root zone (".").
- Keys that do not match the root or DLV trust-anchor
- names are ignored; these key names can be overridden
- using the +dlv=NAME or
- +root=NAME options.
+ Keys that do not match the root zone name are ignored.
+ An alternate key name can be specified using the
+ +root=NAME options. DNSSEC Lookaside
+ Validation can also be turned on by using the
+ +dlv=NAME to specify the name of a
+ zone containing DLV records.
Note: When reading the trust anchor file, @@ -546,11 +546,8 @@
Indicates whether to perform DNSSEC lookaside validation,
and if so, specifies the name of the DLV trust anchor.
- The default is to perform lookaside validation using
- a trust anchor of "dlv.isc.org", for which there is a
- built-in key. If specifying a different name, then
- -a must be used to specify a file
- containing the DLV key.
+ The -a option must also be used to specify
+ a file containing the DLV key.
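Review bot: The +[no]dlv description (this hunk and the delv.1 hunk at -412) removes the sentence that stated the default and does not state the new one. If, as the -a text in this patch implies with "can also be turned on", lookaside validation is now off unless +dlv=NAME is given, say so here. It would also help to say what delv does when +dlv=NAME is used without a -a file containing a key for that name, so a reader does not assume lookaside validation took place when no usable anchor was loaded.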
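Review bot: In the -a description (delv.html hunk at -197 and delv.1 hunk at -143), "using the +root=NAME options" should be singular now that +dlv=NAME has moved to its own sentence, and "by using the +dlv=NAME to specify" is missing the word "option". The paragraph also states that keys not matching the root zone name are ignored, while the +dlv description requires -a to supply the DLV key; as written the two read as contradictory. Suggest qualifying the first sentence, for example "Keys that do not match the root zone name, or the name given with +dlv=NAME, are ignored", if that is the actual behaviour.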