Sentinel for Detecting Trusted Root Keys

Root Key Trust Anchor Sentinel for DNSSEC according to standard RFC 8509.

This feature allows users of DNSSEC validating resolver to detect which root keys are configured in resolver’s chain of trust. The data from such signaling are necessary to monitor the progress of the DNSSEC root key rollover and to detect potential breakage before it affect users. One example of research enabled by this module is available here.

The sentinel is enabled by default and we urge users not to disable it unless absolutely necessary.

dnssec:
  trust-anchor-sentinel: false