From: Petr Špaček <pspacek@isc.org>
Date: Thu, 9 Jun 2022 09:53:13 +0000 (+0200)
Subject: Rewrite DNSSEC Validation subchapter in the ARM
X-Git-Tag: v9.16.31~3^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=75854c5e6b93e4d3b1cc3d568c8e41bc08081143;p=thirdparty%2Fbind9.git

Rewrite DNSSEC Validation subchapter in the ARM

Mostly deduplicating and linking information across the ARM.
Generally people should not touch it unless they what they are doing, so
let's try to discourage them a bit.

(cherry picked from commit bffa3063f0c624ef3efcd9dfa882eac95542f3e1)
---

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 041b002db8d..c96b029df44 100644
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -2074,7 +2074,9 @@ Boolean Options
    This option enables DNSSEC validation in ``named``.
 
    If set to ``auto``, DNSSEC validation is enabled and a default trust
-   anchor for the DNS root zone is used.
+   anchor for the DNS root zone is used. This trust anchor is provided
+   as part of BIND and is kept up-to-date using :ref:`rfc5011.support` key
+   management.
 
    If set to ``yes``, DNSSEC validation is enabled, but a trust anchor must be
    manually configured using a ``trust-anchors`` statement (or the