Re: Root KSK roll
I do not quite understand. It does not appear that the new KSK is somehow linked to the new signing algorithm ed25519 , or at least the article is silent on this. From what I read, it is a new DNSSEC signing key for the root servers, so as long as your (new or not so-new) DNS server has the new DNSSEC keys installed, it should just work. The RFC 8145 seem to be about enabling the root (and not so root) DNS servers to build up a knowledge about who has the new key and who has not, and it does not need to be installed everywhere. Neither seem related to the new key signing algo.
Unless the requirement of the new key is the use of the new signing algo, which would be a pretty important point to make in the article (and yet it is no there)?