Can NSEC5 be practical for DNSSEC deployments?