http://www.rfc-editor.org/rfc/rfc5155.txt
RFC 5155: DNS Security (DNSSEC) Hashed Authenticated Denial of Existence, B. Laurie, G. Sisson, R. Arends, D. Blacka2008-03-01T23:00:00-00:00The Domain Name System Security (DNSSEC) Extensions introduced the NSEC resource record (RR) for authenticated denial of existence. This document introduces an alternative resource record, NSEC3, which similarly provides authenticated denial of existence. However, it also provides measures against zone enumeration and permits gradual expansion of delegation-centric zones. [STANDARDS-TRACK]