[dns-operations] negative dnssec replies

[Florian Weimer]

* Router Log:

> The signing of negative replies from dnssec enabled zones increase the size
> of the zone data an the complexity dns. For the ease of use and
> implementaion would it be a good idea that a dnssec enabled zone could
> signal to a querier that it intends to send unsigned nxdomain replies? This
> mechanism would have to be signed of course.

Doesn't the NSEC3 opt-out mechanism achieve pretty much something like
this?