[master] update README

CHANGES

@@ -1,12 +1,12 @@
-4349.   [contrib]       kasp2policy: A python script to create a DNSSEC
+4349.	[contrib]	kasp2policy: A python script to create a DNSSEC
-                        policy file from an OpenDNSSEC KASP XML file.
+			policy file from an OpenDNSSEC KASP XML file.
 
 4348.	[func]		dnssec-keymgr: A new python-based DNSSEC key
 			management utility, which reads a policy definition
 			file and can create or update DNSSEC keys as needed
 			to ensure that a zone's keys match policy, roll over
 			correctly on schedule, etc.  Thanks to Sebastian
-                        Castro for assistance in development. [RT #39211]
+			Castro for assistance in development. [RT #39211]
 
 4347.	[port]		Corrected a build error on x86_64 Solaris. [RT #42150]
 

README

@@ -76,6 +76,9 @@ BIND 9.11.0
 	    Unlike "fetches-per-server", this value is not self-tuning.)
 	  + New stats counters have been added to count
 	    queries spilled due to these quotas.
+	- Added a new "dnssec-keymgr" key mainenance utility, which can
+	  generate or update keys as needed to ensure that a zone's
+	  keys match a defined DNSSEC policy.
 	- The experimental "SIT" feature in BIND 9.10 has been renamed
 	  "COOKIE" and is no longer optional. EDNS COOKIE is a mechanism
 	  enabling clients to detect off-path spoofed responses, and