A Root Key Trust Anchor Sentinel for DNSSEC
RFC 8509, “A Root Key Trust Anchor Sentinel for DNSSEC”, is a Proposed Standard document published in December 2018 by G. Huston, J. Damas, W. Kumari. The canonical text is published by the RFC Editor.
Abstract
The DNS Security Extensions (DNSSEC) were developed to provide origin authentication and integrity protection for DNS data by using digital signatures. These digital signatures can be verified by building a chain of trust starting from a trust anchor and proceeding down to a particular node in the DNS. This document specifies a mechanism that will allow an end user and third parties to determine the trusted key state for the root key of the resolvers that handle that user's DNS queries. Note that this method is only applicable for determining which keys are in the trust store for the root key.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8509 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 8507 Simple Internet Protocol Specification
- RFC 8511 TCP Alternative Backoff with ECN
- RFC 8505 Registration Extensions for IPv6 over Low-Power Wireless Personal Area Network Neighbor Discovery
- RFC 8503 BGP/MPLS Layer 3 VPN Multicast Management Information Base
- RFC 8502 L2L3 VPN Multicast MIB
- RFC 8501 Reverse DNS in IPv6 for Internet Service Providers
- RFC 8497 Marking SIP Messages to Be Logged
- RFC 8521 Registration Data Access Protocol Object Tagging