From: Ronan Pigott <ronan@rjp.ie>
Date: Thu, 7 Mar 2024 01:08:00 +0000 (-0700)
Subject: man/resolve: update DNSSEC description
X-Git-Tag: v256-rc1~607
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e17de7feed093ddaebd4fe2cd8a2ad8f0e03d76;p=thirdparty%2Fsystemd.git

man/resolve: update DNSSEC description

This behavior was changed.

Fixes: 9c47b334445a ("resolved: enable DNS proxy mode if client wants DNSSEC")
---

diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml
index 24cf3e427cb..25750c7eb7c 100644
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -170,9 +170,7 @@
         downgrade to non-DNSSEC mode by synthesizing a DNS response that suggests DNSSEC was not
         supported.</para>
 
-        <para>If set to false, DNS lookups are not DNSSEC validated. In this mode, or when set to
-        <literal>allow-downgrade</literal> and the downgrade has happened, the resolver becomes
-        security-unaware and all forwarded queries have DNSSEC OK (DO) bit unset.</para>
+        <para>If set to false, DNS lookups are not DNSSEC validated.</para>
 
         <para>Note that DNSSEC validation requires retrieval of additional DNS data, and thus results in a
         small DNS lookup time penalty.</para>