From: JP Mens <jp@mens.de>
Date: Thu, 26 Oct 2017 05:26:53 +0000 (+0200)
Subject: Attempt to clarify use of TSIG key and ALLOW-DNSUPDATE-FROM
X-Git-Tag: rec-4.1.0-rc2~18^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7a5bad639e73002275d9f6d9d4cbc74b0e3794a3;p=pdns

Attempt to clarify use of TSIG key and ALLOW-DNSUPDATE-FROM

Clarify association between use of TSIG key and ALLOW-DNSUPDATE-FROM. Previous description sounded like AND
---

diff --git a/docs/dnsupdate.rst b/docs/dnsupdate.rst
index 6cbc95376..b38f6c21e 100644
--- a/docs/dnsupdate.rst
+++ b/docs/dnsupdate.rst
@@ -135,9 +135,9 @@ An example of how to use a TSIG key with the :program:`nsupdate` command:
     !
 
 If a TSIG key is set for the domain, it is required to be used for the
-update. The TSIG is extra security on top of the
-``ALLOW-DNSUPDATE-FROM`` setting. If a TSIG key is set, the IP(-range)
-still needs to be allowed via ``ALLOW-DNSUPDATE-FROM``.
+update. The TSIG is an alternative means of securing updates, instead of using the
+``ALLOW-DNSUPDATE-FROM`` setting. If a TSIG key is set, and if ``ALLOW-DNSUPDATE-FROM`` is set,
+the IP(-range) of the updater still needs to be allowed via ``ALLOW-DNSUPDATE-FROM``. 
 
 FORWARD-DNSUPDATE
 ~~~~~~~~~~~~~~~~~