dnsdist: Fix DoT docs to clarify we only listen on TCP, not UDP

diff --git a/pdns/dnsdistdist/docs/guides/dns-over-tls.rst b/pdns/dnsdistdist/docs/guides/dns-over-tls.rst
index 7fbfb48d3a606b3727abff780efd2b04983a584f..bb201aa309031a5dbb188e3ecb2ba79241c089c4 100644 (file)
--- a/pdns/dnsdistdist/docs/guides/dns-over-tls.rst
+++ b/pdns/dnsdistdist/docs/guides/dns-over-tls.rst
@@ -9,10 +9,10 @@ Adding a listen port for DNS-over-TLS can be done with the :func:`addTLSLocal` f
 
   addTLSLocal('192.0.2.55', '/etc/ssl/certs/example.com.pem', '/etc/ssl/private/example.com.key')
 
-This will make :program:`dnsdist` listen on 192.0.2.55:853 on TCP and UDP and will use the provided certificate and key to provide the TLS connection.
+This will make :program:`dnsdist` listen on 192.0.2.55:853 on TCP, and will use the provided certificate and key to serve incoming TLS connections.
 
 In order to support multiple certificates and keys, for example an ECDSA and an RSA one, the following syntax may be used instead::
 
   addTLSLocal('192.0.2.55', {'/etc/ssl/certs/example.com.rsa.pem', '/etc/ssl/certs/example.com.ecdsa.pem'}, {'/etc/ssl/private/example.com.rsa.key', '/etc/ssl/private/example.com.ecdsa.key'})
 
-The certificate chain to present will then be selected based on the algorithms advertised by the client.
+The certificate chain presented by the server to an incoming client will then be selected based on the algorithms this client advertised support for.