The DNS Security Extensions (DNSSEC) were developed to provide origin
authentication and integrity protection for DNS data by using digital signatures.
These digital signatures can be verified by building a chain of trust starting from
a trust anchor and proceeding down to a particular node in the DNS. This document
specifies two different ways for validating resolvers to signal to a server which
keys are referenced in their chain of trust. The data from such signaling allow
zone administrators to monitor the progress of rollovers in a DNSSEC-signed zone.