Recently, Knot's negative NSEC3 responses' performance has been greatly improved by pre-computing NSEC3 wildcard proofs during adjust phase. This was done by pointing to wildcard-nonexistence-prooving NSEC3 node from each normal node. However, this makes much mess with zone updates: even a tiny update to the zone might influence this proof for many other nodes. Therefore, instead of pointing directly to proving node, we just store wildcard-nonexistence-prooving NSEC3 name in each normal node, and find the proving node during answering. This makes 1) NSEC3 NXDOMAIN answering few percent slower; 2) general memory consumption for NSEC3 zones cca 15 percent higher; 3) possible to adjust only affected nodes' wildcard-nonexistence-prooving pointers when update (useful as a milestone for implementing COW-trie updates).