{"draft":"draft-gieben-auth-denial-of-existence-dns-05","doc_id":"RFC7129","title":"Authenticated Denial of Existence in the DNS","authors":["R. Gieben","W. Mekking"],"format":["ASCII","HTML"],"page_count":"30","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"INDEPENDENT","abstract":"Authenticated denial of existence allows a resolver to validate that\r\na certain domain name does not exist.  It is also used to signal that\r\na domain name exists but does not have the specific resource record\r\n(RR) type you were asking for.  When returning a negative DNS\r\nSecurity Extensions (DNSSEC) response, a name server usually includes\r\nup to two NSEC records.  With NSEC version 3 (NSEC3), this amount is\r\nthree.\r\n\r\nThis document provides additional background commentary and some\r\ncontext for the NSEC and NSEC3 mechanisms used by DNSSEC to provide\r\nauthenticated denial-of-existence responses.","pub_date":"February 2014","keywords":["Internet","DNSSEC","Denial of Existence","NSEC","NSEC3"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7129","errata_url":null}