man/resolve: update DNSSEC description

author Ronan Pigott <ronan@rjp.ie>

Thu, 7 Mar 2024 01:08:00 +0000 (18:08 -0700)

committer Luca Boccassi <luca.boccassi@gmail.com>

Thu, 7 Mar 2024 11:29:48 +0000 (11:29 +0000)
author Ronan Pigott <ronan@rjp.ie>
Thu, 7 Mar 2024 01:08:00 +0000 (18:08 -0700)
committer Luca Boccassi <luca.boccassi@gmail.com>
Thu, 7 Mar 2024 11:29:48 +0000 (11:29 +0000)
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml

index 24cf3e427cbe60b3d13c92174a663a4a456c44af..25750c7eb7c014fa04334caf52b9439fcb9a3a23 100644 (file)
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -170,9 +170,7 @@
          downgrade to non-DNSSEC mode by synthesizing a DNS response that suggests DNSSEC was not
          supported.</para>
  
-        <para>If set to false, DNS lookups are not DNSSEC validated. In this mode, or when set to
-        <literal>allow-downgrade</literal> and the downgrade has happened, the resolver becomes
-        security-unaware and all forwarded queries have DNSSEC OK (DO) bit unset.</para>
+        <para>If set to false, DNS lookups are not DNSSEC validated.</para>
  
          <para>Note that DNSSEC validation requires retrieval of additional DNS data, and thus results in a
          small DNS lookup time penalty.</para>
author	Ronan Pigott <ronan@rjp.ie>
	Thu, 7 Mar 2024 01:08:00 +0000 (18:08 -0700)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Thu, 7 Mar 2024 11:29:48 +0000 (11:29 +0000)