Update DNSSEC & SecondaryDNS RFC (#1225)
* Update RFC and add a note on what signing modes we use.
* remove note for now
* tightens description
* refactor: Alyse's suggestions

---------

Co-authored-by: Alyse <[email protected]>
onlyhavecans and itsalyse authored Aug 15, 2024
1 parent 9d85384 commit d2cdc68
Showing 4 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion content/articles/dnssec-and-secondary-dns.md
Expand Up @@ -11,4 +11,4 @@ All authoritative name servers MUST sign all record sets with all private keys t

Note that in practice, it is possible to run multi-provider DNSSEC without sharing ZSK private key material, however it is not guaranteed to work due to the condition described above with resolvers getting the DNSKEY and the RRset + RRSIG from different authoritative name servers.

You can read more information about multi-provider DNSSEC in this [Draft RFC here](https://tools.ietf.org/html/draft-ietf-dnsop-multi-provider-dnssec-05).
You can read more about multi-provider DNSSEC in [RFC 8901](https://datatracker.ietf.org/doc/html/rfc8901).
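
Review bot: the replacement sentence on the last line calls the topic "multi-provider DNSSEC", while the warnings updated elsewhere in this commit describe the same RFC 8901 link as "multi-signer DNSSEC models". RFC 8901 is titled "Multi-Signer DNSSEC Models", so consider using one term throughout, or putting the RFC title in the link text so readers can tell both phrases point at the same document.
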
2 changes: 1 addition & 1 deletion content/articles/dnssec.md
Expand Up @@ -9,7 +9,7 @@ categories:
# DNSSEC

<warning>
You cannot enable DNSSEC if you have set up [Secondary DNS enabled](/articles/secondary-dns). They will not work in conjunction. Ensure you are not currently using Secondary DNS, or disable Secondary DNS before using DNSSEC. You can read more about why [here](/articles/dnssec-and-secondary-dns).
DNSimple does not support [Secondary DNS](/articles/secondary-dns) if you have DNSSEC enabled. They will not work in conjunction. Please ensure that you are not currently using DNSSEC, or disable DNSSEC before using Secondary DNS. You can read more about the complexities of multi-signer DNSSEC models in [RFC 8901](https://datatracker.ietf.org/doc/html/rfc8901).
</warning>

### Table of Contents {#toc}
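
Review bot: the new warning line in dnssec.md tells the reader to "disable DNSSEC before using Secondary DNS", which is the instruction for the Secondary DNS article rather than this one. A reader on the DNSSEC page is about to enable DNSSEC, and the removed line had the matching direction ("disable Secondary DNS before using DNSSEC"). Suggest keeping the RFC 8901 reference but restoring that direction in the "Please ensure" sentence, so the warning tells the reader what to check before the action this page documents.
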
6 changes: 3 additions & 3 deletions content/articles/secondary-dns-dnsimple-as-secondary.md
Expand Up @@ -24,17 +24,17 @@ For an overview of Secondary DNS, have a look at [our introduction article](/art
## Requirements

<warning>
Don't add DNSimple as a secondary DNS server to domains with DNSSEC. We do not import external RRSIG records, which will produce resolution failures in DNSSEC aware resolutors.
Don't add DNSimple as a secondary DNS server to domains with DNSSEC. We do not import external RRSIG records, which will produce resolution failures from DNSSEC aware resolvers.

Please ensure that you are not currently using DNSSEC, or disable DNSSEC before using Secondary DNS. You can read more about why [here](/articles/dnssec-and-secondary-dns).
Please ensure that you are not currently using DNSSEC, or disable DNSSEC before using Secondary DNS.
</warning>


## Adding a Secondary Zone

Create a secondary zone by heading to the account dashboard. Select the <label>Domain Names</label> tab.

![Seconary DNS tab](/files/domain-names-tab.png)
![Secondary DNS tab](/files/domain-names-tab.png)

Click the <label>Add new</label> button, and choose <label>Secondary DNS zone (with DNSimple as follower)</label> from the provided options.
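
Review bot: after this change the Requirements warning no longer points anywhere for an explanation: the "read more about why" link to /articles/dnssec-and-secondary-dns is removed and, unlike the warnings in dnssec.md and secondary-dns.md, no RFC 8901 link replaces it. This is the one warning that states the actual failure mode (external RRSIG records are not imported), so a reference matters most here; suggest keeping the internal link, whose target is still updated in this commit, or adding the RFC 8901 sentence used in the other two files. Minor: "DNSSEC aware resolvers" should be hyphenated as "DNSSEC-aware resolvers".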

2 changes: 1 addition & 1 deletion content/articles/secondary-dns.md
Expand Up @@ -15,7 +15,7 @@ categories:
---

<warning>
You cannot set up Secondary DNS if you have [DNSSEC](/articles/dnssec) enabled. They will not work in conjunction. Please ensure that you are not currently using DNSSEC, or disable DNSSEC before using Secondary DNS. You can read more about why [here](/articles/dnssec-and-secondary-dns).
DNSimple does not support Secondary DNS if you have [DNSSEC](/articles/dnssec) enabled. They will not work in conjunction. Please ensure that you are not currently using DNSSEC, or disable DNSSEC before using Secondary DNS. You can read more about the complexities of multi-signer DNSSEC models in [RFC 8901](https://datatracker.ietf.org/doc/html/rfc8901).
</warning>

## Getting started
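
Review bot: in the new warning line, the RFC 8901 link replaces the link to /articles/dnssec-and-secondary-dns, but the RFC describes multi-signer deployment models in general and does not say why Secondary DNS and DNSSEC cannot be combined at DNSimple. Since content/articles/dnssec-and-secondary-dns.md is still updated in this same commit, suggest keeping the internal "why" link alongside the RFC reference. "They will not work in conjunction" also now repeats the sentence before it and could be dropped.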