Comment 31 for bug 1727237

Dimitri, can you please confirm what the effect of this patch is when a user has manually reconfigured resolved to enable DNSSEC? Does this do the right thing, or does it become a downgrade attack?