IANA operation details on the root key ceremonies and procedures are at https://www.iana.org/dnssec
You may be interested by section §4.2.2 of https://www.iana.org/dnssec/dps/ksk-operator/ksk-dps.txt
Access to and management of cryptographic hardware is based on the
principle of successive barriers in three tiers, requiring at least
seven trusted persons from four different roles. These barriers are
as follows:
Tier 5:
Physical access to safe room requires one person from the Key
Ceremony Administrator role in combination with one person from
the Internal Witness roles.
Tier 6:
Physical access to cryptographic hardware (HSM) and activation
material requires one out of two of the Safe Security
Controller #1s, and one out of the two Safe Security Controller
#2s in addition to the Trusted Persons required at Tier 5 and
7.
Tier 7:
Activation of a HSM requires three out of seven Crypto Officers
to extract activation material from above safe deposit boxes
using their physical key. Safe deposit box operation that
involves opening of any one of the deposit box requires three
out of seven Crypto Officers to be present.
Restoration of the contents of a HSM requires at least six trusted
persons from two different roles, as follows:
Secret share:
Reconstruction of the secret key used for encryption of the
application keys requires five out of seven Recovery Key Share
Holders.
Encrypted application keys:
Physical access to the encrypted application keys requires one
person from the Ceremony Administrators role, one person from
And section §5.2.2:
5.2.2. Private key (m-of-n) multi-person control
The RZ KSK Operator has implemented technical and procedural
mechanisms that require the participation of multiple trusted
individuals to perform sensitive cryptographic operations. The RZ
KSK Operator splits activation data needed to make use of the RZ KSK
private key onto separate smartcards controlled by trusted
individuals (Crypto Officers) selected from members of the Internet
community not already part of root zone management operations.
Specifically, organizationally separate parties, not affiliated with
PTI, ICANN or Verisign.
A threshold number of smartcards (m) out of the total number of
smartcards created and distributed for a particular hardware security
module (n) is required to activate a RZ KSK private key stored on the
module. The threshold number of cards needed to sign using the RZ
KSK is three out of seven. The smartcards are protected in
accordance with Section 5.4.2.
Typically, when you create a key on an HSM, you can generate various Officers access to it, and decide how many of them will be required to unlock the private key. You can find example at Standards for secure key backup of master keys with secret sharing
Note that is it not about "for recovering the DNS registry in the event of some catastrophic failure. "
DNSSEC adds cryptography in the DNS in the sense that each zones signs its records with some key and some (other) key are stored in the parent and so on until the root. IANA (ICANN) handles the root procedure-wise and for the ceremonies and such, while Verisign manages the day to day operations of it (technically of the A root nameserver, which is the one from which all other ones derive their configuration).
So the question is more around how the root key is protected, and what happens when it is lost. But even outside of those edge cases, the root key ceremonies also need multiple crypto officers to unlock the key when it is needed (twice per year). You will see in mainstream media sensationalist articles about the 7 people to have the keys to the Internet (example of such bad writing: https://www.theguardian.com/technology/2014/feb/28/seven-people-keys-worldwide-internet-security-web), while https://www.cloudflare.com/dns/dnssec/root-signing-ceremony/ will give you both a more accurate description with more real technical details.
You can see at https://www.iana.org/dnssec/tcrs the current list of crypto officers (needed for bi annual key rotation ceremonies) and the "recovery key share holders".
The first one are needed to just unlock the private key, the second ones to reconstruct it if it gets lost/damaged/unrecoverable/etc., per §5.2.4:
5.2.4. Private key backup
Encrypted copies of the RZ KSK private key(s) are backed up onto
portable media held by the RZ KSK Operator and sent by courier to the
other facilities. The key used to encrypt the private key(s) is
backed up using a five out of seven threshold scheme with smartcards
distributed to trusted individuals (Recovery Key Share Holders)
selected from members of the Internet community not already part of
root zone management operations (specifically, organizationally
separate parties, not affiliated with PTI, ICANN or Verisign). The
Recovery Key Share Holders keep the cards in tamper-evident bags,
stored in geographically dispersed locations under their control.
