chore(docs): regenerate man pages (#7971)

man/coredns-tsig.7

@@ -1,14 +1,18 @@
 .\" Generated by Mmark Markdown Processer - mmark.miek.nl
-.TH "COREDNS-TSIG" 7 "July 2022" "CoreDNS" "CoreDNS Plugins"
+.TH "COREDNS-TSIG" 7 "March 2026" "CoreDNS" "CoreDNS Plugins"
 
 .SH "NAME"
 .PP
-\fItsig\fP - validate TSIG requests and sign responses.
+\fItsig\fP - define TSIG keys, validate incoming TSIG signed requests and sign responses.
 
 .SH "DESCRIPTION"
 .PP
-With \fItsig\fP, you can define a set of TSIG secret keys for validating incoming TSIG requests and signing
-responses. It can also require TSIG for certain query types, refusing requests that do not comply.
+With \fItsig\fP, you can define CoreDNS's TSIG secret keys. Using those keys, \fItsig\fP validates incoming TSIG requests and signs
+responses to those requests. It does not itself sign requests outgoing from CoreDNS; it is up to the
+respective plugins sending those requests to sign them using the keys defined by \fItsig\fP.
+
+.PP
+The \fItsig\fP plugin can also require that incoming requests be signed for certain query types, refusing requests that do not comply.
 
 .SH "SYNTAX"
 .PP
@@ -96,9 +100,13 @@ auth.zone {
 .RE
 
 .SH "BUGS"
+.SS "SECONDARY"
+.PP
+TSIG transfers are not yet implemented for the \fIsecondary\fP plugin.  The \fIsecondary\fP plugin will not sign its zone transfer requests.
+
 .SS "ZONE TRANSFER NOTIFIES"
 .PP
-With the transfer plugin, zone transfer notifications from CoreDNS are not TSIG signed.
+With the \fItransfer\fP plugin, zone transfer notifications from CoreDNS are not TSIG signed.
 
 .SS "SPECIAL CONSIDERATIONS FOR FORWARDING SERVERS (RFC 8945 5.5)"
 .PP