diff --git a/daemon/README.rst b/daemon/README.rst index 9ffc5125de0afc4a5304e00d96383c19934e2de1..a5e0672eb42c49f6e4bfc21c40527ca4f693c324 100644 --- a/daemon/README.rst +++ b/daemon/README.rst @@ -425,21 +425,20 @@ policy, or automatically maintained by the resolver itself. Alias for `add_file`. Its use is discouraged and will be removed in future versions. -.. function:: trust_anchors.distrust(zonename) +.. function:: trust_anchors.remove(zonename) Remove specified trust anchor from trusted key set. Removing trust anchor for the root zone effectivelly disables DNSSEC validation (unless you configured another trust anchor). .. code-block:: lua - > trust_anchors.distrust('.') + > trust_anchors.remove('.') true If you want to disable DNSSEC validation for a particular domain but keep it enabled for the rest of DNS tree, use :func:`trust_anchors.set_insecure`. .. envvar:: trust_anchors.keyfile_default = keyfile_default - Set by ``keyfile_default`` option during compilation. This can be explicitly - set to ``nil`` to disable DNSSEC validation. + Set by ``keyfile_default`` option during compilation. .. envvar:: trust_anchors.hold_down_time = 30 * day @@ -470,7 +469,7 @@ policy, or automatically maintained by the resolver itself. When you use a domain name as an *negative trust anchor* (NTA), DNSSEC validation will be turned off at/below these names. Each function call replaces the previous NTA set. You can find the current active set in ``trust_anchors.insecure`` variable. - If you want to disable DNSSEC validation completely use :func:`trust_anchors.distrust` function instead. + If you want to disable DNSSEC validation completely use :func:`trust_anchors.remove` function instead. Example output: diff --git a/daemon/lua/trust_anchors.lua.in b/daemon/lua/trust_anchors.lua.in index 360fb5c701e6803fe512b6d4a2ddaff8d6b88ea1..fd977d675addabb987bf107e0feaf6e429937ab2 100644 --- a/daemon/lua/trust_anchors.lua.in +++ b/daemon/lua/trust_anchors.lua.in 
@@ -369,7 +369,7 @@ local function add_file(path, unmanaged) end end -local function distrust(zname) +local function remove(zname) local owner = kres.str2dname(zname) if not trust_anchors.keysets[owner] then return false @@ -429,7 +429,7 @@ trust_anchors = { -- If managed and the file doesn't exist, try bootstrapping the root into it. add_file = add_file, config = add_file, - distrust = distrust, + remove = remove, keyset_publish = keyset_publish, keyset_write = keyset_write, diff --git a/daemon/lua/trust_anchors.test/ta.test.lua b/daemon/lua/trust_anchors.test/ta.test.lua index b9759b5f311b8bd2108c1db7bd5b92a9d1884187..0384b7f367f24215e9c09929d384f0f85b330b0a 100644 --- a/daemon/lua/trust_anchors.test/ta.test.lua +++ b/daemon/lua/trust_anchors.test/ta.test.lua @@ -22,7 +22,7 @@ local function test_revoked_key() same(root_ta.rrs.count, 1, 'the root TA set contains one RR') end -local function test_distrust() +local function test_remove() -- uses root key from the previous test assert(trust_anchors.keysets['\0'], 'root key must be there from previous test') local ta_c = kres.context().trust_anchors @@ -30,7 +30,7 @@ local function test_distrust() assert(root_ta ~= nil, 'we got non-NULL TA RRset') assert(root_ta.rrs.count, 1, 'we have a root TA set to be deleted') - trust_anchors.distrust('.') + trust_anchors.remove('.') same(trust_anchors.keysets['\0'], nil, 'Lua interface does not have the removed key') local root_ta = ffi.C.kr_ta_get(ta_c, '\0') @@ -39,6 +39,6 @@ end return { test_revoked_key, - test_distrust + test_remove, } diff --git a/modules/ta_update/ta_update.lua b/modules/ta_update/ta_update.lua index 1d643dc549f9c82e0aa5ab33208a81596d250583..9604da089a8244ab300a9ab1bd1b62e74636f843 100644 --- a/modules/ta_update/ta_update.lua +++ b/modules/ta_update/ta_update.lua 
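Review bot: Replacing `distrust = distrust,` with `remove = remove,` in the exported `trust_anchors` table (second hunk of daemon/lua/trust_anchors.lua.in) leaves no compatibility alias, so an existing configuration that calls `trust_anchors.distrust('.')` would index a nil field after upgrade. The same table keeps `config = add_file` as a discouraged alias, so adding `distrust = remove, -- deprecated alias for remove(), to be dropped in a future version` would be consistent with that. How a failing configuration line is handled is not visible in this diff; either the daemon refuses to start, or the trust anchor the operator meant to drop stays loaded, so the rename also deserves a release-note entry. The table definition continues outside the hunk.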
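Review bot: The precondition `assert(root_ta.rrs.count, 1, 'we have a root TA set to be deleted')` in the renamed `test_remove` (hunk at -30 of ta.test.lua) never compares the count with 1, because `assert` only tests its first argument and any number, including 0, is truthy in Lua. The test can therefore pass the "key is present" step even when the RRset is empty, which weakens the check that `trust_anchors.remove('.')` deleted anything. Using the helper the file already applies elsewhere would pin it: `same(root_ta.rrs.count, 1, 'we have a root TA set to be deleted')`. The function body starts before the hunk and ends in it.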
@@ -259,7 +259,7 @@ function ta_update.start(zname) panic('[ta_update] TA must be configured first before tracking it') end if not keyset.managed then - panic('[ta_update] TA is configured as unmanaged; distrust it and ' + panic('[ta_update] TA is configured as unmanaged; remove it and ' .. 'add it again as managed using trust_anchors.add_file()') end refresh_plan(keyset, 0) diff --git a/modules/ta_update/ta_update.test.lua b/modules/ta_update/ta_update.test.lua index 8fc5399e524ce68a7bf83f9b7651827bafd3ede1..835e232d3f598abead4dfcf2ece31347772d04d9 100644 --- a/modules/ta_update/ta_update.test.lua +++ b/modules/ta_update/ta_update.test.lua @@ -40,7 +40,7 @@ local function test_ta_update_vs_trust_anchors_dependency() ok(modules.unload('ta_update'), 'module can be unloaded') same(ta_update, nil, 'unloaded module is nil') - ok(trust_anchors.distrust('.'), 'managed root TA can be removed') + ok(trust_anchors.remove('.'), 'managed root TA can be removed') same(trust_anchors.keysets['\0'], nil, 'TA removal works') end @@ -52,7 +52,7 @@ local function test_unloaded() worker.sleep(0.3) ok(counter == 0, 'TA is actually unmanaged') - ok(trust_anchors.distrust('.'), 'unmanaged root TA can be removed') + ok(trust_anchors.remove('.'), 'unmanaged root TA can be removed') same(trust_anchors.keysets['\0'], nil, 'TA removal works') end