DNS Security (DNSSEC) Hashed Authenticated Denial of Existence

E746788

DNS Security (DNSSEC) Hashed Authenticated Denial of Existence is a DNSSEC extension that uses cryptographic hashing to provide verifiable, secure proof that a requested DNS name or type does not exist without revealing the full contents of a zone.

Try in SPARQL Jump to: Surface forms Statements Referenced by

All labels observed (1)

Statements (35)

Predicate Object
instanceOf DNS security mechanism
DNSSEC extension
addressesProblem information leakage about non-requested domain names
zone enumeration risk
basedOn hash values of domain names
category DNS privacy enhancement
DNSSEC denial-of-existence mechanism
comparedTo NSEC
NSEC3 NERFINISHED
designGoal limit disclosure of zone contents
support efficient DNSSEC validation
doesNotRequire disclosure of neighboring domain names in zone order
ensures authenticity of denial-of-existence responses
integrity of denial-of-existence responses
evidenceType cryptographically verifiable proof of non-existence
goal to avoid revealing full DNS zone contents
to prove non-existence of DNS names or types
mitigates offline zone-walking attacks
operatesIn Domain Name System (DNS) NERFINISHED
operatesWith DNS Security Extensions (DNSSEC) NERFINISHED
operationalContext authoritative DNS servers
validating DNS resolvers
property cryptographically secure
privacy-preserving
verifiable
provides authenticated denial of existence
relatedConcept authenticated denial of existence
relatedTo DNS zone privacy
DNSSEC proof construction
requires DNSSEC validation by resolvers
securityProperty protection against forged NXDOMAIN responses
resistance to zone enumeration
usedFor proving that a DNS name does not exist
proving that a DNS record type does not exist at an existing name
uses cryptographic hashing

How these facts were elicited

The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.

Instruction
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10.

# Requirements
- If you don't know the subject at all, return an empty list.
- If the subject is not a named entity, return an empty list.
- Include at least one triple where predicate is "instanceOf".
- Do not get too wordy.
- Separate several objects into multiple triples with one object.
Input
Subject: DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
Description of subject: DNS Security (DNSSEC) Hashed Authenticated Denial of Existence is a DNSSEC extension that uses cryptographic hashing to provide verifiable, secure proof that a requested DNS name or type does not exist without revealing the full contents of a zone.

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

RFC 5155 title DNS Security (DNSSEC) Hashed Authenticated Denial of Existence