reflect the current state of the CD bit, and fix a typo

doc/misc/dnssec

@@ -15,7 +15,7 @@ in doc/arm/Bv9ARM.4.html and the man pages.
 
 The random data used in generating DNSSEC keys and signatures comes from
 either /dev/random (if the OS supports it) or keyboard input.  Alternatively,
-the a device or file containing entropy/random data can be specified.
+a device or file containing entropy/random data can be specified.
 
 
 Serving secure zones
@@ -54,9 +54,8 @@ secured zones delegated from secure zones will not work in all cases,
 such as when the privately secured zone is served by the same server
 as an ancestor (but not parent) zone.
 
-Handling of the CD bit in queries is not yet fully implemented;
-validation is currently attempted for all recursive queries, even if
-CD is set.
+Handling of the CD bit in queries is now fully implemented.  Validation
+is not attempted for recursive queries if CD is set.
 
 
 Secure dynamic update
@@ -67,4 +66,4 @@ an update occurs.  Advanced access control is possible using the
 "update-policy" statement in the zone definition.
 
 
-$Id: dnssec,v 1.6 2000/07/14 00:03:54 bwelling Exp $
+$Id: dnssec,v 1.7 2000/07/29 00:24:06 bwelling Exp $