From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 29 Sep 2010 07:47:42 +0000 (+0000)
Subject: better explanation tekst
X-Git-Tag: release-1.4.7rc1~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c9d34cdecf072ead4054e71d4e72d636421e59da;p=thirdparty%2Funbound.git

better explanation tekst

git-svn-id: file:///svn/unbound/trunk@2263 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c
index 75bc5b856..96c1bab44 100644
--- a/smallapp/unbound-anchor.c
+++ b/smallapp/unbound-anchor.c
@@ -71,6 +71,11 @@
  * RFC5011-tracking with its builtin DS anchors; if that fails it
  * bootstraps the RFC5011-tracking using the certificate.  (again to avoid
  * https, and it is also faster).
+ * 
+ * It uses the XML file by converting it to DS records and writing that to the
+ * key file.  Unbound can detect that the 'special comments' are gone, and
+ * the file contains a list of normal DNSKEY/DS records, and uses that to
+ * bootstrap 5011 (the KSK is made VALID).
  *
  * The certificate update is done by fetching root-anchors.xml and
  * root-anchors.p7s via SSL.  The HTTPS certificate can be logged but is