Question re prevention of enumeration with DNSSEC (NSEC3, etc.)
John McCormac
jmcc at hosterstats.com
Mon May 9 01:25:29 UTC 2022
On 09/05/2022 00:10, Ray Bellis wrote:
>
>> Is there any case law where someone has asserted a database right for a DNS zone?
>
>> It seems like a rather stupid thing to do. If someone asserted such a
>> right, I would make sure not to infringe it by ensuring no entries
>> from that database entered my DNS caches or other software.
>
> It wasn’t the zone itself as such - the concern was use of enumerated zone data to then perform bulk collection of Whois data.
>
>> Also, I see that in a decision last year the ECJ required "substantial
>> extraction" also caused "significant detriment" to the investment in
>> the database. I'm having trouble coming up with a scenario in which copying
>> even the entire thing would impair the investment unless they are going to
>> assert that the structure of the names somehow gave away secrets about their
>> business plans.
>
> The detriment was scammers sending fake domain renewal notices.
>
> Also, this was 15 or so years ago now…
Many of the ccTLD registries used to be more open about publishing zones
and new registrations. Nominet, the .UK registry, took legal action
against a few operations that were scraping its WHOIS. The gTLDs also
had major issues with fake renewal notices.
https://www.pinsentmasons.com/out-law/news/nominet-wins-damages-in-data-mining-dispute
Around 2003, many of the ccTLD registries in Europe subsequently went
dark on publishing anything other than statistics. Many registrants, at
the time, were being hit with directory invoice scams rather than
renewal scams.
Outside the US, there has been an on-going shift to ccTLDs since about
2005. In many of these countries, the local ccTLD has more new
registations each month than new registrations in gTLDs like .COM/NET/ORG.
With the gTLDs, the domain renewal scams still exist but they are far
rarer now. The search engine submission scams seem to have taken over
but they are also dependent on old WHOIS data and a lot of them
disappeared in 2018 because of GDPR limiting WHOIS data. Some of the
European ccTLDs now publish their zones or lists of registations as the
legal framework has improved. Most no longer publish comprehensive WHOIS
data.
Regards...jmcc
--
**********************************************************
John McCormac * e-mail: jmcc at hosterstats.com
MC2 * web: http://www.hosterstats.com/
22 Viewmount * Domain Registrations Statistics
Waterford * Domnomics - the business of domain names
Ireland * https://amzn.to/2OPtEIO
IE * Skype: hosterstats.com
**********************************************************
--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the NANOG
mailing list