nanog mailing list archives
Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.)
From: Matt Corallo <nanog () as397444 net>
Date: Wed, 11 May 2022 14:44:22 -0700
On 5/6/22 5:58 PM, Amir Herzberg wrote:
Hi NANOGers,
Questions:
- Do you find zone enumeration a real concern?
I have found that some people who are concerned about such things will have LetsEncrypt certs for many of the same hosts they were worried about - which of course makes the DNS zone enumeration issue moot - any CA-signed certs are already public these days.
Doesn't make the issue completely moot, but the reality is if you're exposing something to the internet, there's plenty of ways for it to leak out, so best not to make it public to begin with.
Tangentially related today is the news that all your "private channel" names are actually completely public on Discord[1], which was also true for Slack for many years, with their security folks claiming it's totally no problem that anyone can see you have a channel named secret-jv-announcing-next-month-with-company-X.

Matt

[1] https://twitter.com/joshfraser/status/1524093111349166080