[dns-operations] Root Key Sentinel - current state of affairs?

Roy Arends roy at dnss.ec
Wed Jun 23 13:23:04 UTC 2021

Hi Ondrej

> On 23 Jun 2021, at 08:10, Ondřej Surý <ondrej at isc.org> wrote:
> Hi,
> during the last RZ KSK rollover we scrambled to add the Root Key Sentinel
> to the code and as far as I know it did give us different data than was expected.

I am going to assume you are referring to RFC8145 (Signaling Trust Anchor Knowledge in DNSSEC) and not RFC8509 (A Root Key Trust Anchor Sentinel for DNSSEC). My apologies if you meant the latter, as I have no information on that.

> So, my current question is:
> - is it still useful?

Personally, I find it interesting data, but I currently have no business case for it.

> - will it be useful for the next RZ KSK rollover?

It may be.

> - is anybody gathering the data right now?

We (the Office of the CTO at ICANN) received accumulated stats from Root Server Operators before and during the last rollover. We do not receive them currently. While we have access to IMRS traffic data, we do not currently process RFC8145 signals.  

> - is anybody planning to gather the data before the next RZ KSK rollover?

I am going to assume that that is going to happen.

Hope this helps!



> Thanks,
> Ondrej
> --
> Ondřej Surý (He/Him)
> ondrej at isc.org
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

More information about the dns-operations mailing list