diff --git a/src/content/docs/dns/dnssec/enable-nsec3.mdx b/src/content/docs/dns/dnssec/enable-nsec3.mdx
index ed3a82f25f61dd8..83cfdc31dc28717 100644
--- a/src/content/docs/dns/dnssec/enable-nsec3.mdx
+++ b/src/content/docs/dns/dnssec/enable-nsec3.mdx
@@ -8,7 +8,7 @@ sidebar:
 
 import { APIRequest } from "~/components";
 
-As explained in [our blog](https://blog.cloudflare.com/black-lies/), Cloudflare's implementation of negative answers with NSEC is protected against zone walking[^1]. This implementation removes the need for NSEC3 and has been [proposed as an IETF standard](https://datatracker.ietf.org/doc/draft-ietf-dnsop-compact-denial-of-existence/).
+As explained in [our blog](https://blog.cloudflare.com/black-lies/), Cloudflare's implementation of negative answers with NSEC is protected against zone walking[^1]. This implementation, also referred to as Compact Denial of Existance ([RFC 9824](https://www.rfc-editor.org/rfc/rfc9824.html)), removes the need for NSEC3 and is significantly more efficient.
 
 However, if you must use NSEC3 for compliance reasons, you can enable it as explained below.