Update KSK root sentinel references

The mechanism was published as RFC 8509. I've briefly looked at diff
between versions -08 and the RFC and did not find significant protocol
change. Quick manual check confirms what we seem to comply with the
published protocol.

(cherry picked from commit 153311da2d97f1febd7e952842fd7e4cf8f9b673)

diff --git a/doc/arm/general.rst b/doc/arm/general.rst
index 9fba98b36df7fea9e7d50d6d4866ab2ec42b4732..0f364dc9b05376a62d5194b140de060d3df3231b 100644 (file)
--- a/doc/arm/general.rst
+++ b/doc/arm/general.rst
@@ -285,6 +285,9 @@ Parent via CDS/CDNSKEY.* March 2017. [#rfc8078]_
 :rfc:`8484` - P. Hoffman and P. McManus. *DNS Queries over HTTPS (DoH).*
 October 2018. [#noencryptedfwd]_
 
+:rfc:`8509` - G. Huston, J. Damas, W. Kumari. *A Root Key Trust Anchor Sentinel
+for DNSSEC.* December 2018.
+
 :rfc:`8624` - P. Wouters and O. Sury. *Algorithm Implementation Requirements
 and Usage Guidance for DNSSEC.* June 2019.
 

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 50a490e6d33a9abc824d45a516b6a6508dfaf8cf..48dbce13b775e0680f44068fa079389801695fc0 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -2147,7 +2147,7 @@ Boolean Options
    :short: Controls whether BIND 9 responds to root key sentinel probes.
 
    If ``yes``, respond to root key sentinel probes as described in
-   `draft-ietf-dnsop-kskroll-sentinel-08 <https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel-08>`_. The default is ``yes``.
+   :rfc:`8509`:. The default is ``yes``.
 
 .. namedconf:statement:: reuseport
    :tags: server