Sentinel for Detecting Trusted Root Keys
----------------------------------------
-The module implementing A Root Key Trust Anchor Sentinel for DNSSEC
-according to `draft-ietf-dnsop-kskroll-sentinel-12`_.
+The module ``ta_sentinel`` implements A Root Key Trust Anchor Sentinel for DNSSEC
+according to standard :rfc:`8509`.
-This feature allows users of validating resolver to detect which root keys
-are configured in their chain of trust. The data from such
-signaling are necessary to monitor the progress of the DNSSEC root key rollover.
+This feature allows users of DNSSEC validating resolver to detect which root keys
+are configured in resolver's chain of trust. The data from such
+signaling are necessary to monitor the progress of the DNSSEC root key rollover
+and to detect potential breakage before it affect users. One example of research enabled by this module `is available here <https://www.potaroo.net/ispcol/2018-11/kskpm.html>`_.
This module is enabled by default and we urge users not to disable it.
If it is absolutely necessary you may add ``modules.unload('ta_sentinel')``
to your configuration to disable it.
-
-.. _`draft-ietf-dnsop-kskroll-sentinel-12`: https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-12
projects / thirdparty / knot-resolver.git / commitdiff
