diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml
index 56806a0e13..9ca409fcba 100644
--- a/doc/guide/bind10-guide.xml
+++ b/doc/guide/bind10-guide.xml
@@ -5051,9 +5051,9 @@ Dhcp4/dhcp-ddns/qualifying-suffix "example.com" string
- Server doesn't act upon expired leases. In particular, when the lease
- expires, the server doesn't request removal of DNS records associated
- with the lease.
+ The server doesn't act upon expired leases. In particular,
+ when a lease expires, the server doesn't request the removal
+ of the DNS records associated with it.
@@ -6418,7 +6418,7 @@ Dhcp6/dhcp-ddns/qualifying-suffix "example.com" string
RFC 3633: Supported options are IA_PD and
- IA_PREFIX. New status code: NoPrefixAvail.
+ IA_PREFIX. Also supported is the status code NoPrefixAvail.
RFC 3646: Supported option is DNS_SERVERS.
@@ -6455,8 +6455,8 @@ Dhcp6/dhcp-ddns/qualifying-suffix "example.com" string
- Server will allocate, renew or rebind maximum one lease for a
- particular IA option (IA_NA or IA_PD) sent by a client.
+ The server will allocate, renew or rebind a maximum of one lease
+ for a particular IA option (IA_NA or IA_PD) sent by a client.
RFC 3315 and
RFC 3633 allow
for multiple addresses or prefixes to be allocated for a single IA.
@@ -6474,9 +6474,9 @@ Dhcp6/dhcp-ddns/qualifying-suffix "example.com" string
- Server doesn't act upon expired leases. In particular, when the lease
- expires, the server doesn't request removal of DNS records associated
- with the lease.
+ The server doesn't act upon expired leases. In particular,
+ when a lease expires, the server doesn't request removal of
+ the DNS records associated with it.
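Review bot: The last two added lines here read "request removal of the DNS records", while the same sentence in the Dhcp4 hunk at -5051 now reads "request the removal of the DNS records". The two sections describe the same limitation, so use the same wording in both (adding "the" here is the smaller change).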
@@ -6652,15 +6652,17 @@ DhcpDdns/reverse_ddns/ddns_domains [] list (default)
The server may be configured to listen over IPv4 or IPv6, therefore
ip-address may an IPv4 or IPv6 address.
-
+
- When DHCP-DDNS server is configured to listen at address other than
- loopback address (127.0.0.1 or ::1), it is possible for the malicious
- attacker to spoof the server. Therefore, other addresses should only
- be used for testing purposes! In the future, an authentication
- will be implemented to guard against spoofing attacks.
+ When the DHCP-DDNS server is configured to listen at an address
+ other than the loopback address (127.0.0.1 or ::1), it is possible
+ for a malicious attacker to send bogus NameChangeRequests to it
+ and change entries in the DNS. For this reason, addresses other
+ than the IPv4 or IPv6 loopback addresses should only be used
+ for testing purposes. A future version of Kea will implement
+ authentication to guard against such attacks.
-
+
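Review bot: The unchanged context line directly above the rewritten warning still reads "ip-address may an IPv4 or IPv6 address", which is missing "be". Since this hunk already reworks the paragraph, fix it in the same change. In the new warning text, "a malicious attacker" is redundant ("an attacker" is enough). The phrase "addresses other than the IPv4 or IPv6 loopback addresses" repeats what the first sentence already states with "(127.0.0.1 or ::1)", so "other addresses" would be shorter. The switch from "spoof the server" to naming bogus NameChangeRequests and changed DNS entries is the clearer statement of the risk and should stay.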
@@ -7224,14 +7226,14 @@ DhcpDdns/reverse_ddns/ddns_domains[0]/dns_servers[0]/port 53 integer(default)
- As requests are received from the DHCP servers they are placed om a queue.
- These requests are currently not persisted across shutdowns and so cannot
- be recovered.
+ Requests are received from the DHCP servers are placed in a
+ queue until they are processed. Currently all queued requests
+ are lost when the server shuts down.
-
-
+
- TSIG Authentication (RFC 2845)
+ TSIG Authentication (RFC 2845)
is not supported yet.
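Review bot: The first added sentence, "Requests are received from the DHCP servers are placed in a queue until they are processed", has two finite verbs and does not parse. Drop the first "are" ("Requests received from the DHCP servers are placed in a queue ...") or keep the original "As requests are received ... they are placed" construction. The TSIG line pair at the end of the hunk shows no textual difference as rendered here. If that is a whitespace or markup-only change, say so in the commit message so the reason for the edit is clear.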