From 356c339662c329faa88d5c07c67662aceb130071 Mon Sep 17 00:00:00 2001 From: Hannes <105781579+hannes-cf@users.noreply.github.com> Date: Thu, 30 Oct 2025 17:05:47 +0100 Subject: [PATCH 1/2] Add RFC reference to NSEC3 section in DNS Dev Docs --- src/content/docs/dns/dnssec/enable-nsec3.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/dns/dnssec/enable-nsec3.mdx b/src/content/docs/dns/dnssec/enable-nsec3.mdx index ed3a82f25f61dd8..b8bb87b29a166ca 100644 --- a/src/content/docs/dns/dnssec/enable-nsec3.mdx +++ b/src/content/docs/dns/dnssec/enable-nsec3.mdx @@ -8,7 +8,7 @@ sidebar: import { APIRequest } from "~/components"; -As explained in [our blog](https://blog.cloudflare.com/black-lies/), Cloudflare's implementation of negative answers with NSEC is protected against zone walking[^1]. This implementation removes the need for NSEC3 and has been [proposed as an IETF standard](https://datatracker.ietf.org/doc/draft-ietf-dnsop-compact-denial-of-existence/). +As explained in [our blog](https://blog.cloudflare.com/black-lies/), Cloudflare's implementation of negative answers with NSEC is protected against zone walking[^1]. This implementation, also referred to as "Compact Denial of Existance" ([RFC 9824](https://datatracker.ietf.org/doc/rfc9824/)), removes the need for NSEC3 and is significantly more efficient. However, if you must use NSEC3 for compliance reasons, you can enable it as explained below. From f408daab04c06d9a194e795a9a078171610bb2d8 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Tue, 4 Nov 2025 09:49:55 +0000 Subject: [PATCH 2/2] Remove quotes and link to RFC Editor as per Style Guide --- src/content/docs/dns/dnssec/enable-nsec3.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/dns/dnssec/enable-nsec3.mdx b/src/content/docs/dns/dnssec/enable-nsec3.mdx index b8bb87b29a166ca..83cfdc31dc28717 100644 --- a/src/content/docs/dns/dnssec/enable-nsec3.mdx 
+++ b/src/content/docs/dns/dnssec/enable-nsec3.mdx @@ -8,7 +8,7 @@ sidebar: import { APIRequest } from "~/components"; -As explained in [our blog](https://blog.cloudflare.com/black-lies/), Cloudflare's implementation of negative answers with NSEC is protected against zone walking[^1]. This implementation, also referred to as "Compact Denial of Existance" ([RFC 9824](https://datatracker.ietf.org/doc/rfc9824/)), removes the need for NSEC3 and is significantly more efficient. +As explained in [our blog](https://blog.cloudflare.com/black-lies/), Cloudflare's implementation of negative answers with NSEC is protected against zone walking[^1]. This implementation, also referred to as Compact Denial of Existance ([RFC 9824](https://www.rfc-editor.org/rfc/rfc9824.html)), removes the need for NSEC3 and is significantly more efficient. However, if you must use NSEC3 for compliance reasons, you can enable it as explained below.
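Review bot: In the added line of PATCH 1/2, "Compact Denial of Existance" is misspelled; it should read "Compact Denial of Existence". The same spelling is carried unchanged into both the removed and the added line of PATCH 2/2, so correcting it in the first commit keeps the follow-up diff limited to the quote and link changes its subject describes.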
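Review bot: In the added line of PATCH 2/2, "is significantly more efficient" does not say what it is compared with or in which respect, and nothing in the sentence supports it. Since this commit already rewrites the sentence for style, consider naming the comparison explicitly (the sentence implies NSEC3) and pointing to the blog post or the RFC section that backs the claim. The previous wording's link to the IETF draft is dropped in favour of the RFC link, which is fine as long as the RFC is the intended single reference.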