From adde80358cce8d3c49a4241c2aa04a36bd95f10c Mon Sep 17 00:00:00 2001
From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Tue, 21 Jun 2016 10:48:23 +0200
Subject: [PATCH] it is log-fail, not validate-log

---
 docs/markdown/recursor/dnssec.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/markdown/recursor/dnssec.md b/docs/markdown/recursor/dnssec.md
index 32c6af95a..99c13dfb2 100644
--- a/docs/markdown/recursor/dnssec.md
+++ b/docs/markdown/recursor/dnssec.md
@@ -26,7 +26,7 @@ However, when the query has the AD-bit set, the recursor will try to validate th
 data and set the AD-bit in the response when the data is validated and send a
 SERVFAIL on a bogus answer.
 
-## `validate-log`
+## `log-fail`
 In this mode , the recursor will attempt to validate all data it retrieves from
 authoritative servers, regardless of the client's DNSSEC desires, and will log the
 validation result. This mode can be used to determine the extra load and amount
@@ -42,7 +42,7 @@ client's request.
 The descriptions above are a bit terse, here's a table describing different scenarios
 with regards to the `dnssec` mode.
 
-|    | `off` | `process-no-validate` | `process` | `validate-log` | `validate` |
+|    | `off` | `process-no-validate` | `process` | `log-fail` | `validate` |
 |:------------|:-------|:-------------|:-------------|:-------------|:-------------|
 |Perform validation| No | No | Only on +AD from client | Always (logs result) | Always |
 |SERVFAIL on bogus| No | No | Only on +AD from client | Only on +AD from client | Always |
-- 
2.50.0