Skip to main content

Empty Non-Terminal Sentinel for Black Lies

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Shumon Huque
Last updated 2022-01-28 (Latest revision 2021-07-27)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The Black Lies method of providing compact DNSSEC denial of existence proofs has some operational implications. Depending on the specific implementation, it may provide no way to reliably distinguish Empty Non-Terminal names from names that actually do not exist. This draft describes the use of a synthetic DNS resource record type to act as an explicit signal for Empty Non-Terminal names and which is conveyed in an NSEC type bitmap.


Shumon Huque

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)