From 7a5bad639e73002275d9f6d9d4cbc74b0e3794a3 Mon Sep 17 00:00:00 2001 From: JP Mens Date: Thu, 26 Oct 2017 07:26:53 +0200 Subject: [PATCH] Attempt to clarify use of TSIG key and ALLOW-DNSUPDATE-FROM Clarify association between use of TSIG key and ALLOW-DNSUPDATE-FROM. Previous description sounded like AND --- docs/dnsupdate.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/dnsupdate.rst b/docs/dnsupdate.rst index 6cbc95376..b38f6c21e 100644 --- a/docs/dnsupdate.rst +++ b/docs/dnsupdate.rst @@ -135,9 +135,9 @@ An example of how to use a TSIG key with the :program:`nsupdate` command: ! If a TSIG key is set for the domain, it is required to be used for the -update. The TSIG is extra security on top of the -``ALLOW-DNSUPDATE-FROM`` setting. If a TSIG key is set, the IP(-range) -still needs to be allowed via ``ALLOW-DNSUPDATE-FROM``. +update. The TSIG is an alternative means of securing updates, instead of using the +``ALLOW-DNSUPDATE-FROM`` setting. If a TSIG key is set, and if ``ALLOW-DNSUPDATE-FROM`` is set, +the IP(-range) of the updater still needs to be allowed via ``ALLOW-DNSUPDATE-FROM``. FORWARD-DNSUPDATE ~~~~~~~~~~~~~~~~~ -- 2.40.0
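Review bot: The two added sentences in the ``docs/dnsupdate.rst`` hunk pull in opposite directions. The first calls TSIG an alternative used "instead of" ``ALLOW-DNSUPDATE-FROM``, while the second says that when both are set the updater's IP(-range) must still be allowed. That second case is a combined requirement, the same "AND" reading the commit message sets out to remove. Consider spelling out the three cases separately: only a TSIG key set, only ``ALLOW-DNSUPDATE-FROM`` set, and both set. The paragraph also never says which source addresses are accepted when a TSIG key is set and ``ALLOW-DNSUPDATE-FROM`` is not. That is the case an operator most needs documented, since it decides whether the key alone gates updates. Style point: the new lines run well past the wrap width of the three lines they replace, so re-wrap them to match the rest of the file.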