Clarify that NSEC3 is not supported by synth-from-dnssec yet

author Petr Špaček <pspacek@isc.org>

Thu, 2 Dec 2021 08:59:04 +0000 (09:59 +0100)

committer Petr Špaček <pspacek@isc.org>

Thu, 2 Dec 2021 13:27:18 +0000 (14:27 +0100)
author Petr Špaček <pspacek@isc.org>
Thu, 2 Dec 2021 08:59:04 +0000 (09:59 +0100)
committer Petr Špaček <pspacek@isc.org>
Thu, 2 Dec 2021 13:27:18 +0000 (14:27 +0100)
diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst

index 97f4e925945a8a61bc2b97a18b2b7906d28a53dc..ad5e666d8d1718b05178806ed966d9e7936c7c88 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -2249,8 +2249,11 @@ Boolean Options
     is started.
  
  ``synth-from-dnssec``
-   This option synthesizes answers from cached NSEC, NSEC3, and
-   other RRsets that have been proved to be correct using DNSSEC.
+   This option enables support for :rfc:`8198`, Aggressive Use of
+   DNSSEC-Validated Cache.  It allows the resolver to send a smaller number
+   of queries when resolving queries for DNSSEC-signed domains
+   by synthesizing answers from cached NSEC and other RRsets that
+   have been proved to be correct using DNSSEC.
     The default is ``yes``.
  
     ``server <prefix> { broken-nsec yes; };`` can be used to stop
author	Petr Špaček <pspacek@isc.org>
	Thu, 2 Dec 2021 08:59:04 +0000 (09:59 +0100)
committer	Petr Špaček <pspacek@isc.org>
	Thu, 2 Dec 2021 13:27:18 +0000 (14:27 +0100)