{"draft":"draft-ietf-dnsop-compact-denial-of-existence-07","doc_id":"RFC9824","title":"Compact Denial of Existence in DNSSEC","authors":["S. Huque","C. Elmerot","O. Gudmundsson"],"format":["HTML","TEXT","PDF","XML"],"page_count":"14","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Domain Name System Operations","abstract":"This document describes a technique to generate a signed DNS response\r\non demand for a nonexistent name by claiming that the name exists but\r\ndoesn't have any data for the queried record type. Such responses\r\nrequire only one minimally covering NSEC or NSEC3 record, allow\r\nonline signing servers to minimize signing operations and response\r\nsizes, and prevent zone content disclosure. \r\n\r\nThis document updates RFCs 4034 and 4035.","pub_date":"September 2025","keywords":["DNS","DNSSEC","Denial of Existence","Compact Denial of Existence","Compact Answers","Black Lies","NXDOMAIN","NODATA","Empty Non-Terminal"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC4034","RFC4035"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9824","errata_url":null}