Economical With The Truth: Making DNSSEC Answers Cheap

Cloudflare has implemented a unique approach to handling negative answers in DNSSEC by using "black lies" and the "DNS shotgun." This method reduces compute cost and helps keep packet size small, allowing them to provide DNSSEC for free for any domain. The technique involves returning false previous and next names in NXDOMAIN responses and setting all types in NODATA responses, which ensures compliance with existing standards while minimizing the need for database lookups or precomputation of dynamic answers.