%% You should probably cite rfc7129 instead of this I-D.
@techreport{gieben-auth-denial-of-existence-dns-06,
    number =    {draft-gieben-auth-denial-of-existence-dns-06},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-gieben-auth-denial-of-existence-dns/06/},
    author =    {R. (Miek) Gieben and Matthijs Mekking},
    title =     {{Authenticated Denial of Existence in the DNS}},
    pagetotal = 30,
    year =      2014,
    month =     feb,
    day =       3,
    abstract =  {Authenticated denial of existence allows a resolver to validate that a certain domain name does not exist. It is also used to signal that a domain name exists but does not have the specific resource record (RR) type you were asking for. When returning a negative DNS Security Extensions (DNSSEC) response, a name server usually includes up to two NSEC records. With NSEC version 3 (NSEC3), this amount is three. This document provides additional background commentary and some context for the NSEC and NSEC3 mechanisms used by DNSSEC to provide authenticated denial-of-existence responses.},
}