From 9291689720b15d334a56dc7ee29d5ebfc6dab0fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Tue, 7 May 2024 13:24:43 +0200 Subject: [PATCH] Update KSK root sentinel references The mechanism was published as RFC 8509. I've briefly looked at diff between versions -08 and the RFC and did not find significant protocol change. Quick manual check confirms what we seem to comply with the published protocol. (cherry picked from commit 153311da2d97f1febd7e952842fd7e4cf8f9b673) --- doc/arm/general.rst | 3 +++ doc/arm/reference.rst | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/arm/general.rst b/doc/arm/general.rst index 9fba98b36d..0f364dc9b0 100644 --- a/doc/arm/general.rst +++ b/doc/arm/general.rst @@ -285,6 +285,9 @@ Parent via CDS/CDNSKEY.* March 2017. [#rfc8078]_ :rfc:`8484` - P. Hoffman and P. McManus. *DNS Queries over HTTPS (DoH).* October 2018. [#noencryptedfwd]_ +:rfc:`8509` - G. Huston, J. Damas, W. Kumari. *A Root Key Trust Anchor Sentinel +for DNSSEC.* December 2018. + :rfc:`8624` - P. Wouters and O. Sury. *Algorithm Implementation Requirements and Usage Guidance for DNSSEC.* June 2019. diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 50a490e6d3..48dbce13b7 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -2147,7 +2147,7 @@ Boolean Options :short: Controls whether BIND 9 responds to root key sentinel probes. If ``yes``, respond to root key sentinel probes as described in - `draft-ietf-dnsop-kskroll-sentinel-08 `_. The default is ``yes``. + :rfc:`8509`:. The default is ``yes``. .. namedconf:statement:: reuseport :tags: server