From 210d1703d1ff14e5b371294780a597ac5bed664e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Petr=20=C5=A0pa=C4=8Dek?= <petr.spacek@nic.cz>
Date: Mon, 6 Mar 2017 13:24:20 +0100
Subject: [PATCH] Clarify conditions when invalid RRSIG can lead to AD=1
 response

Further clarification of fb957a9b5593aaa46dcfddd9adb488cf898b4a45
---
 NEWS | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 5eb761c3b..07851ae66 100644
--- a/NEWS
+++ b/NEWS
@@ -4,7 +4,8 @@ Knot Resolver 1.2.4-dev (2017-03-XX)
 Security
 --------
 - Knot Resolver 1.2.0 and higher could return AD flag for insecure
-  answer, if the same answer was validated three or more times.
+  answer if the daemon received answer with invalid RRSIG several times
+  in a row.
 
 Improvements
 ------------
-- 
2.47.3