From c9d34cdecf072ead4054e71d4e72d636421e59da Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 29 Sep 2010 07:47:42 +0000
Subject: [PATCH] better explanation tekst

git-svn-id: file:///svn/unbound/trunk@2263 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 smallapp/unbound-anchor.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c
index 75bc5b856..96c1bab44 100644
--- a/smallapp/unbound-anchor.c
+++ b/smallapp/unbound-anchor.c
@@ -71,6 +71,11 @@
  * RFC5011-tracking with its builtin DS anchors; if that fails it
  * bootstraps the RFC5011-tracking using the certificate.  (again to avoid
  * https, and it is also faster).
+ * 
+ * It uses the XML file by converting it to DS records and writing that to the
+ * key file.  Unbound can detect that the 'special comments' are gone, and
+ * the file contains a list of normal DNSKEY/DS records, and uses that to
+ * bootstrap 5011 (the KSK is made VALID).
  *
  * The certificate update is done by fetching root-anchors.xml and
  * root-anchors.p7s via SSL.  The HTTPS certificate can be logged but is
-- 
2.47.2