diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
index d43caa0688..059772b971 100644
--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -774,9 +774,15 @@
secroots - view ...
- Dump the server's security roots and negative trust anchors
- for the specified views. If no view is specified, all views
- are dumped.
+ Dump the security roots (i.e., trust anchors
+ configured via trusted-keys,
+ managed-keys, or
+ dnssec-validation auto) and negative trust
+ anchors for the specified views. If no view is specified, all
+ views are dumped. Security roots will indicate whether
+ they are configured as trusted keys, managed keys, or
+ initializing managed keys (managed keys that have not yet
+ been updated by a successful key refresh query).
If the first argument is "-", then the output is
@@ -963,15 +969,15 @@
When called without arguments, display the current
- values of the tcp-initial-timeout,
+ values of the tcp-initial-timeout,
tcp-idle-timeout,
tcp-keepalive-timeout and
tcp-advertised-timeout options.
- When called with arguments, update these values. This
- allows an administrator to make rapid adjustments when
- under a denial of service attack. See the descriptions of
- these options in the BIND 9 Administrator Reference Manual
- for details of their use.
+ When called with arguments, update these values. This
+ allows an administrator to make rapid adjustments when
+ under a denial of service attack. See the descriptions of
+ these options in the BIND 9 Administrator Reference Manual
+ for details of their use.