Update KSK root sentinel references

The mechanism was published as RFC 8509. I've briefly looked at diff between versions -08 and the RFC and did not find significant protocol change. Quick manual check confirms what we seem to comply with the published protocol.
2026-04-21 22:28:34 -04:00 · 2024-05-07 13:24:43 +02:00 · 2024-05-07 13:24:43 +02:00 · 153311da2d
commit 153311da2d
parent 8e4c0329c3
2 changed files with 4 additions and 1 deletions
--- a/doc/arm/general.rst
+++ b/doc/arm/general.rst
@ -285,6 +285,9 @@ Parent via CDS/CDNSKEY.* March 2017. [#rfc8078]_
 :rfc:`8484` - P. Hoffman and P. McManus. *DNS Queries over HTTPS (DoH).*
 October 2018. [#noencryptedfwd]_

+:rfc:`8509` - G. Huston, J. Damas, W. Kumari. *A Root Key Trust Anchor Sentinel
+for DNSSEC.* December 2018.
+
 :rfc:`8624` - P. Wouters and O. Sury. *Algorithm Implementation Requirements
 and Usage Guidance for DNSSEC.* June 2019.

--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@ -2101,7 +2101,7 @@ Boolean Options
   :short: Controls whether BIND 9 responds to root key sentinel probes.

   If ``yes``, respond to root key sentinel probes as described in
-   `draft-ietf-dnsop-kskroll-sentinel-08 <https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel-08>`_. The default is ``yes``.
+   :rfc:`8509`:. The default is ``yes``.

 .. namedconf:statement:: reuseport
   :tags: server