Technical Summary
The root zone of the Domain Name System (DNS) is cryptographically
signed using DNS Security Extensions (DNSSEC).
In order to obtain secure answers from the root zone of the DNS using
DNSSEC, a client must configure a suitable trust anchor. This
document describes the format and publication mechanisms IANA uses to
distribute the DNSSEC trust anchors.
This document obsoletes RFC 7958.
Working Group Summary
There was some concern expressed at the time of adoption that the document
should go to the Independent Stream, since it documents established practices,
deployed by IANA at their discretion. It wasn’t clear to everyone what added
value would come from taking it through WG adoption and consensus. However,
documenting established practices in Informational RFCs is nothing new for
DNSOP, and consensus tends to be that clear, understandable documentation of
such fixed “facts of life” helps real-world interoperability of the DNS.
Document Quality
The mechanisms described in this document are in daily use for distributing the
DNSSEC root zone trust anchor for DNS operators across the Internet. 7958bis
reflects experience gained since RFC 7958, published in 2016, including
dropping distribution mechanisms that turned out to be less useful. In
addition, 7958 was published on the Independent Stream, but 7958bis has been a
WG document. It's clearly written, understandable, and technically accurate.
Personnel
Suzanne Woolf is DS.
Warren "Ace" Kumari is RAD!!!!1!!11!111!!!