anchor
Click on the red underlined text to get to the source
... Configured Trust Anchors ...
... validate signatures
without such a configured trust anchor, the resolver SHOULD have some
reasonably robust mechanism for obtaining such keys when it boots;
examples of such a mechanism would be some form of non-volatile
storage ...
... configuration mechanism.
Note that trust anchors also cover key material that is updated in a
secure manner. This secure manner ...
... DS RR. The process for obtaining and authenticating this initial
trust anchor is achieved via some external mechanism. For example, a
resolver could use some off-line authenticated ...
... DNSKEY RR. The remainder of this section
assumes that the resolver has somehow obtained an initial set of
trust anchors.
An initial DNSKEY RR ...
... validation within an island of security is in how the validator
obtains a trust anchor for the authentication chain.
...