blob: aa9d73317c168ac99f553dea608321967d6bb569 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
.. SPDX-License-Identifier: GPL-3.0-or-later
.. _mod-ta_sentinel:
Sentinel for Detecting Trusted Root Keys
========================================
The module ``ta_sentinel`` implements A Root Key Trust Anchor Sentinel for DNSSEC
according to standard :rfc:`8509`.
This feature allows users of DNSSEC validating resolver to detect which root keys
are configured in resolver's chain of trust. The data from such
signaling are necessary to monitor the progress of the DNSSEC root key rollover
and to detect potential breakage before it affect users. One example of research enabled by this module `is available here <https://www.potaroo.net/ispcol/2018-11/kskpm.html>`_.
This module is enabled by default and we urge users not to disable it.
If it is absolutely necessary you may add ``modules.unload('ta_sentinel')``
to your configuration to disable it.
|
