You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/dns/dnssec/enable-nsec3.mdx
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ sidebar:
8
8
9
9
import { APIRequest } from"~/components";
10
10
11
-
As explained in [our blog](https://blog.cloudflare.com/black-lies/), Cloudflare's implementation of negative answers with NSEC is protected against zone walking[^1]. This implementation removes the need for NSEC3 and has been [proposed as an IETF standard](https://datatracker.ietf.org/doc/draft-ietf-dnsop-compact-denial-of-existence/).
11
+
As explained in [our blog](https://blog.cloudflare.com/black-lies/), Cloudflare's implementation of negative answers with NSEC is protected against zone walking[^1]. This implementation, also referred to as "Compact Denial of Existance" ([RFC 9824](https://datatracker.ietf.org/doc/rfc9824/)), removes the need for NSEC3 and is significantly more efficient.
12
12
13
13
However, if you must use NSEC3 for compliance reasons, you can enable it as explained below.
0 commit comments