DNSSEC trust anchor format update and DNS pre-publication

5 November 2024

As previously announced, a new DNSSEC trust anchor has been pre-published for propagation prior to future use planned for 2026.

We have updated the trust anchor XML to include data elements described in the upcoming RFC 7958bis document. This format adds additional information that may be useful for implementers. If your software or processes use the IANA trust anchor file, you should ensure you have processes to retrieve it regularly (such as weekly) and check your systems can process the revised format of the file.

As a reminder, on 11 January 2025, the new key will also be pre-published in the DNS root zone. This will allow RFC 5011 capable resolvers to learn the new key in advance of its use.

For a detailed description of the rollover process, please refer to https://www.iana.org/dnssec/files.