From d2cdc68a73fa60a92bf7a81519508c929481f3ae Mon Sep 17 00:00:00 2001 From: Amelia Aronsohn Date: Thu, 15 Aug 2024 14:32:38 -0700 Subject: [PATCH] Update DNSSEC & SecondaryDNS RFC (#1225) * Update RFC and add a note on what signing modes we use. * remove note for now * tightens description * refactor: Alyse's suggestions --------- Co-authored-by: Alyse <42185139+itsalyse@users.noreply.github.com> --- content/articles/dnssec-and-secondary-dns.md | 2 +- content/articles/dnssec.md | 2 +- content/articles/secondary-dns-dnsimple-as-secondary.md | 6 +++--- content/articles/secondary-dns.md | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/content/articles/dnssec-and-secondary-dns.md b/content/articles/dnssec-and-secondary-dns.md index 512e27754..71f5203e7 100644 --- a/content/articles/dnssec-and-secondary-dns.md +++ b/content/articles/dnssec-and-secondary-dns.md @@ -11,4 +11,4 @@ All authoritative name servers MUST sign all record sets with all private keys t Note that in practice, it is possible to run multi-provider DNSSEC without sharing ZSK private key material, however it is not guaranteed to work due to the condition described above with resolvers getting the DNSKEY and the RRset + RRSIG from different authoritative name servers. -You can read more information about multi-provider DNSSEC in this [Draft RFC here](https://tools.ietf.org/html/draft-ietf-dnsop-multi-provider-dnssec-05). +You can read more about multi-provider DNSSEC in [RFC 8901](https://datatracker.ietf.org/doc/html/rfc8901). diff --git a/content/articles/dnssec.md b/content/articles/dnssec.md index 5a60ae522..73caed93b 100644 --- a/content/articles/dnssec.md +++ b/content/articles/dnssec.md 
@@ -9,7 +9,7 @@ categories: # DNSSEC - You cannot enable DNSSEC if you have set up [Secondary DNS enabled](/articles/secondary-dns). They will not work in conjunction. Ensure you are not currently using Secondary DNS, or disable Secondary DNS before using DNSSEC. You can read more about why [here](/articles/dnssec-and-secondary-dns). + DNSimple does not support [Secondary DNS](/articles/secondary-dns) if you have DNSSEC enabled. They will not work in conjunction. Please ensure that you are not currently using DNSSEC, or disable DNSSEC before using Secondary DNS. You can read more about the complexities of multi-signer DNSSEC models in [RFC 8901](https://datatracker.ietf.org/doc/html/rfc8901). ### Table of Contents {#toc} diff --git a/content/articles/secondary-dns-dnsimple-as-secondary.md b/content/articles/secondary-dns-dnsimple-as-secondary.md index b6aa40eeb..e9b476ab4 100644 --- a/content/articles/secondary-dns-dnsimple-as-secondary.md +++ b/content/articles/secondary-dns-dnsimple-as-secondary.md @@ -24,9 +24,9 @@ For an overview of Secondary DNS, have a look at [our introduction article](/art ## Requirements - Don't add DNSimple as a secondary DNS server to domains with DNSSEC. We do not import external RRSIG records, which will produce resolution failures in DNSSEC aware resolutors. + Don't add DNSimple as a secondary DNS server to domains with DNSSEC. We do not import external RRSIG records, which will produce resolution failures from DNSSEC aware resolvers. - Please ensure that you are not currently using DNSSEC, or disable DNSSEC before using Secondary DNS. You can read more about why [here](/articles/dnssec-and-secondary-dns). + Please ensure that you are not currently using DNSSEC, or disable DNSSEC before using Secondary DNS. 
@@ -34,7 +34,7 @@ For an overview of Secondary DNS, have a look at [our introduction article](/art Create a secondary zone by heading to the account dashboard. Select the tab. -![Seconary DNS tab](/files/domain-names-tab.png) +![Secondary DNS tab](/files/domain-names-tab.png) Click the button, and choose from the provided options. diff --git a/content/articles/secondary-dns.md b/content/articles/secondary-dns.md index 271baefe2..5e6cd5284 100644 --- a/content/articles/secondary-dns.md +++ b/content/articles/secondary-dns.md @@ -15,7 +15,7 @@ categories: --- - You cannot set up Secondary DNS if you have [DNSSEC](/articles/dnssec) enabled. They will not work in conjunction. Please ensure that you are not currently using DNSSEC, or disable DNSSEC before using Secondary DNS. You can read more about why [here](/articles/dnssec-and-secondary-dns). + DNSimple does not support Secondary DNS if you have [DNSSEC](/articles/dnssec) enabled. They will not work in conjunction. Please ensure that you are not currently using DNSSEC, or disable DNSSEC before using Secondary DNS. You can read more about the complexities of multi-signer DNSSEC models in [RFC 8901](https://datatracker.ietf.org/doc/html/rfc8901). ## Getting started
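Review bot: In content/articles/dnssec.md, the added callout reverses the direction of the instruction for this page. The removed line told a reader of the DNSSEC article to "disable Secondary DNS before using DNSSEC"; the added line says "disable DNSSEC before using Secondary DNS", which is word for word the sentence used in secondary-dns.md and addresses someone setting up Secondary DNS. A reader of the DNSSEC article is about to enable DNSSEC, so I would keep the new opening sentence but restore the original precondition, for example "Ensure you are not currently using Secondary DNS, or disable Secondary DNS before enabling DNSSEC."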
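Review bot: In the Requirements hunk of content/articles/secondary-dns-dnsimple-as-secondary.md, "resolution failures from DNSSEC aware resolvers" is still unclear about where the failure happens. The cause given is that external RRSIG records are not imported, so the failure is a validation failure at the resolver; suggest "which will cause validation failures in DNSSEC-aware resolvers", with the hyphen. The second changed line also removes the "read more about why" sentence without a replacement, while the other two callouts in this patch gain an RFC 8901 link, so this page is left with no pointer to further reading.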
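Review bot: In the second hunk of content/articles/secondary-dns-dnsimple-as-secondary.md, the corrected alt text "Secondary DNS tab" describes an image whose path is /files/domain-names-tab.png. Worth confirming that the screenshot actually shows the Secondary DNS tab, and renaming the file or adjusting the alt text if it does not.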
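Review bot: In content/articles/secondary-dns.md, the callout drops the link to /articles/dnssec-and-secondary-dns and points only at RFC 8901, even though this same patch keeps and updates that article. The removed sentence sent readers there to learn why the two features conflict, whereas the RFC describes multi-signer models in general. Suggest linking both: the internal article for the reason behind the restriction, and RFC 8901 for the background.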