Authenticated Denial of Existence in the DNS

Published: Wed 09 November 2011
Last updated: Tue 04 June 2024

Paper on denial of existence in the DNS and how the protocol evolved. It answers two simple questions: Why do you need at most two NSEC records in negative responses? And why does NSEC3 requires an extra record?

Related links:

publication