diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml
index 24cf3e427c..25750c7eb7 100644
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -170,9 +170,7 @@
         downgrade to non-DNSSEC mode by synthesizing a DNS response that suggests DNSSEC was not
         supported.</para>
 
-        <para>If set to false, DNS lookups are not DNSSEC validated. In this mode, or when set to
-        <literal>allow-downgrade</literal> and the downgrade has happened, the resolver becomes
-        security-unaware and all forwarded queries have DNSSEC OK (DO) bit unset.</para>
+        <para>If set to false, DNS lookups are not DNSSEC validated.</para>
 
         <para>Note that DNSSEC validation requires retrieval of additional DNS data, and thus results in a
         small DNS lookup time penalty.</para>