diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 25e26ad383..7ebf09c736 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -6671,8 +6671,11 @@ options {
dnssec-enable
- Enable DNSSEC support in named. Unless set to yes,
- named behaves as if it does not support DNSSEC.
+ This indicates whether DNSSEC-related resource
+ records are to be returned by named.
+ If set to no,
+ named will not return DNSSEC-related
+ resource records unless specifically queried for.
The default is yes.
@@ -6695,6 +6698,14 @@ options {
managed-keys statement. The default
is yes.
+
+
+ Whenever the resolver sends out queries to an
+ EDNS-compliant server, it always sets the DO bit
+ indicating it can support DNSSEC responses even if
+ dnssec-validation is off.
+
+