From 4e17de7feed093ddaebd4fe2cd8a2ad8f0e03d76 Mon Sep 17 00:00:00 2001
From: Ronan Pigott <ronan@rjp.ie>
Date: Wed, 6 Mar 2024 18:08:00 -0700
Subject: [PATCH] man/resolve: update DNSSEC description

This behavior was changed.

Fixes: 9c47b334445a ("resolved: enable DNS proxy mode if client wants DNSSEC")
---
 man/resolved.conf.xml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml
index 24cf3e427cb..25750c7eb7c 100644
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -170,9 +170,7 @@
         downgrade to non-DNSSEC mode by synthesizing a DNS response that suggests DNSSEC was not
         supported.</para>
 
-        <para>If set to false, DNS lookups are not DNSSEC validated. In this mode, or when set to
-        <literal>allow-downgrade</literal> and the downgrade has happened, the resolver becomes
-        security-unaware and all forwarded queries have DNSSEC OK (DO) bit unset.</para>
+        <para>If set to false, DNS lookups are not DNSSEC validated.</para>
 
         <para>Note that DNSSEC validation requires retrieval of additional DNS data, and thus results in a
         small DNS lookup time penalty.</para>
-- 
2.47.3