Skip to content

Add RFC reference to NSEC3 section in DNS Dev Docs #26184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 4, 2025
Merged

Add RFC reference to NSEC3 section in DNS Dev Docs #26184

merged 2 commits into from
Nov 4, 2025
+1 −1

Conversation

@hannes-cf
Copy link
Contributor

No description provided.

@hannes-cf hannes-cf requested review from a team and RebeccaTamachiro as code owners October 30, 2025 16:06
@github-actions github-actions bot added size/xs October 2025 product:dns Issues or PRs related to DNS labels Oct 30, 2025
RebeccaTamachiro
RebeccaTamachiro reviewed Nov 4, 2025
View reviewed changes
src/content/docs/dns/dnssec/enable-nsec3.mdx
import { APIRequest } from "~/components";

As explained in [our blog](https://blog.cloudflare.com/black-lies/), Cloudflare's implementation of negative answers with NSEC is protected against zone walking[^1]. This implementation removes the need for NSEC3 and has been [proposed as an IETF standard](https://datatracker.ietf.org/doc/draft-ietf-dnsop-compact-denial-of-existence/).
As explained in [our blog](https://blog.cloudflare.com/black-lies/), Cloudflare's implementation of negative answers with NSEC is protected against zone walking[^1]. This implementation, also referred to as Compact Denial of Existance ([RFC 9824](https://www.rfc-editor.org/rfc/rfc9824.html)), removes the need for NSEC3 and is significantly more efficient.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://developers.cloudflare.com/style-guide/formatting/external-references/#links

@RebeccaTamachiro RebeccaTamachiro enabled auto-merge (squash) November 4, 2025 09:51
@RebeccaTamachiro RebeccaTamachiro merged commit 17c1cc9 into cloudflare:production Nov 4, 2025
2 checks passed
@workers-devprod workers-devprod added the contribution [Holopin] Recognizes a docs contribution, big or small label Nov 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RebeccaTamachiro RebeccaTamachiro RebeccaTamachiro approved these changes

Assignees

@RebeccaTamachiro RebeccaTamachiro

Labels

contribution [Holopin] Recognizes a docs contribution, big or small October 2025 product:dns Issues or PRs related to DNS size/xs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hannes-cf @RebeccaTamachiro @workers-devprod