Update KSK root sentinel references

The mechanism was published as RFC 8509. I've briefly looked at diff
between versions -08 and the RFC and did not find significant protocol
change. Quick manual check confirms what we seem to comply with the
published protocol.

diff --git a/doc/arm/general.rst b/doc/arm/general.rst
index 9fba98b36df7fea9e7d50d6d4866ab2ec42b4732..0f364dc9b05376a62d5194b140de060d3df3231b 100644 (file)
--- a/doc/arm/general.rst
+++ b/doc/arm/general.rst
@@ -285,6 +285,9 @@ Parent via CDS/CDNSKEY.* March 2017. [#rfc8078]_
 :rfc:`8484` - P. Hoffman and P. McManus. *DNS Queries over HTTPS (DoH).*
 October 2018. [#noencryptedfwd]_
 
+:rfc:`8509` - G. Huston, J. Damas, W. Kumari. *A Root Key Trust Anchor Sentinel
+for DNSSEC.* December 2018.
+
 :rfc:`8624` - P. Wouters and O. Sury. *Algorithm Implementation Requirements
 and Usage Guidance for DNSSEC.* June 2019.
 

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 5253ee1a861aa711f1a54d259cbc82d348924e40..0e545295dbcc7484b812ffbbee554edfd9f33f86 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -2101,7 +2101,7 @@ Boolean Options
    :short: Controls whether BIND 9 responds to root key sentinel probes.
 
    If ``yes``, respond to root key sentinel probes as described in
-   `draft-ietf-dnsop-kskroll-sentinel-08 <https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel-08>`_. The default is ``yes``.
+   :rfc:`8509`:. The default is ``yes``.
 
 .. namedconf:statement:: reuseport
    :tags: server