diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index d64de21fa9..37618d9205 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -6867,8 +6867,11 @@ options { dnssec-enable - Enable DNSSEC support in named. Unless set to yes, - named behaves as if it does not support DNSSEC. + This indicates whether DNSSEC-related resource + records are to be returned by named. + If set to no, + named will not return DNSSEC-related + resource records unless specifically queried for. The default is yes. @@ -6891,6 +6894,14 @@ options { managed-keys statement. The default is yes. + + + Whenever the resolver sends out queries to an + EDNS-compliant server, it always sets the DO bit + indicating it can support DNSSEC responses even if + dnssec-validation is off. + +
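Review bot: In the dnssec-enable hunk, the added phrase "unless specifically queried for" is ambiguous: it can be read as an explicit query for a DNSSEC record type or as any query that signals DNSSEC support, and an operator cannot tell which from this text. State the condition explicitly, for example "unless the query explicitly asks for a DNSSEC-related record type" if that is the intended meaning, which also avoids ending the sentence on a preposition. The removed wording said named "behaves as if it does not support DNSSEC", while the new wording only covers returned records, so the description should also say whether setting the option to no affects anything else, such as validation.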
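Review bot: In the paragraph added by the second hunk, the trailing clause "even if dnssec-validation is off" reads as modifying "it can support DNSSEC responses" rather than "sets the DO bit", which obscures the point being documented. Put the condition first, for example "Even if dnssec-validation is set to no, the resolver sets the DO bit on queries to EDNS-compliant servers, indicating that it can support DNSSEC responses." That wording also drops the redundant "Whenever ... always" pair and uses the yes/no values the surrounding option descriptions use instead of "off". Since the first hunk redefines dnssec-enable in terms of returned records, the paragraph should say whether the DO bit is still set when dnssec-enable is no.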