nanog mailing list archives

Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.)


From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Thu, 12 May 2022 19:16:24 +0900

John McCormac wrote:

There are various ways, such as crawling the web, to enumerate
domain names.

That is not an efficient method.

Not a problem for large companies or botnets. So, only
small legal players suffer from hiding zone information.

For example, large companies such as Google can obtain an enumerated
list of all the current most active domains in the world, which
can, then, be used to access whois.

What Google might obtain would be a list of domain names with websites. The problem is that the web usage rate for TLDs varies with some ccTLDs seeing a web usage rate of over 40% (40% of domain names having developed websites) but some of the new gTLDs have web usage rates below 10%. Some of the ccTLDs have high web usage rates.

You misunderstand my statement. Domain names not offering
HTTP service can also be collected by web crawling.

Hiding DNS zone information from the public is beneficial to powerful
entities such as Google.

In some respects, yes.

Google can also use gmail to collect domain names used by
sent or received e-mails.

But there is a problem with that because of all the FUD about websites linking to "bad" websites that had been pushed in the media a few years ago.

Is your concern privacy of "bad" websites?

Another factor that is often missed is the renewal rate of domain names.

That's not a problem related to enumeration of domain names.

A lot of personal data such as e-mail addresses, phone numbers and even postal addresses have been removed from gTLD records because of the fear of GDPR.

As I have been saying, the problem, *if* *any*, is whois. So?

The zones change. New domain names are registered and domain names are deleted. For many TLDs, the old WHOIS model of registrant name, e-mail and phone number no longer exists. And there are also WHOIS privacy services which have obscured ownership.

As I wrote:

: Moreover, because making ownership information of lands and
: domain names publicly available promotes public welfare
: and domain name owners approve publication of such
: information in advance, there shouldn't be any concern
: of privacy breach forbidden by local law of DE.

that is not a healthy movement.

                                                Masataka Ohta

