DNS Security Extensions (DNSSEC) is now entering widespread deployment. However,
domain signing tools and processes are not yet as mature and reliable as those for
non-DNSSEC-related domain administration tools and processes. This document defines
Negative Trust Anchors (NTAs), which can be used to mitigate DNSSEC validation
failures by disabling DNSSEC validation at specified domains.