better explanation tekst

author Wouter Wijngaards <wouter@nlnetlabs.nl>

Wed, 29 Sep 2010 07:47:42 +0000 (07:47 +0000)

committer Wouter Wijngaards <wouter@nlnetlabs.nl>

Wed, 29 Sep 2010 07:47:42 +0000 (07:47 +0000)
author Wouter Wijngaards <wouter@nlnetlabs.nl>
Wed, 29 Sep 2010 07:47:42 +0000 (07:47 +0000)
committer Wouter Wijngaards <wouter@nlnetlabs.nl>
Wed, 29 Sep 2010 07:47:42 +0000 (07:47 +0000)
diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c

index 75bc5b8569d58a111c483eef83f6817842480f0f..96c1bab4450546cb48c7b9f2ff48f66a010d1776 100644 (file)
--- a/smallapp/unbound-anchor.c
+++ b/smallapp/unbound-anchor.c
@@ -71,6 +71,11 @@
   * RFC5011-tracking with its builtin DS anchors; if that fails it
   * bootstraps the RFC5011-tracking using the certificate.  (again to avoid
   * https, and it is also faster).
+ * 
+ * It uses the XML file by converting it to DS records and writing that to the
+ * key file.  Unbound can detect that the 'special comments' are gone, and
+ * the file contains a list of normal DNSKEY/DS records, and uses that to
+ * bootstrap 5011 (the KSK is made VALID).
   *
   * The certificate update is done by fetching root-anchors.xml and
   * root-anchors.p7s via SSL.  The HTTPS certificate can be logged but is
author	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Wed, 29 Sep 2010 07:47:42 +0000 (07:47 +0000)
committer	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Wed, 29 Sep 2010 07:47:42 +0000 (07:47 +0000)