From: Petr Špaček Date: Thu, 2 Dec 2021 08:59:04 +0000 (+0100) Subject: Clarify that NSEC3 is not supported by synth-from-dnssec yet X-Git-Tag: v9.17.21~5^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d24dab643033281f60f8387be9684fe350181748;p=thirdparty%2Fbind9.git Clarify that NSEC3 is not supported by synth-from-dnssec yet --- diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 97f4e925945..ad5e666d8d1 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -2249,8 +2249,11 @@ Boolean Options is started. ``synth-from-dnssec`` - This option synthesizes answers from cached NSEC, NSEC3, and - other RRsets that have been proved to be correct using DNSSEC. + This option enables support for :rfc:`8198`, Aggressive Use of + DNSSEC-Validated Cache. It allows the resolver to send a smaller number + of queries when resolving queries for DNSSEC-signed domains + by synthesizing answers from cached NSEC and other RRsets that + have been proved to be correct using DNSSEC. The default is ``yes``. ``server { broken-nsec yes; };`` can be used to stop
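Review bot: The added ``synth-from-dnssec`` text never states that NSEC3 is unsupported. It only drops "NSEC3" from the old sentence, and the remaining phrase "cached NSEC and other RRsets" can still be read as covering NSEC3 records. Since the subject line promises this clarification, I suggest adding an explicit sentence after "proved to be correct using DNSSEC.", for example "Synthesis from NSEC3 records is not yet supported.", so operators of NSEC3-signed zones know not to expect a reduction in queries. A smaller style point in the same paragraph: "send a smaller number of queries when resolving queries for DNSSEC-signed domains" repeats "queries"; "send fewer queries when resolving names in DNSSEC-signed domains" reads more cleanly.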