Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

John McCormac jmcc at
Mon May 9 01:25:29 UTC 2022

On 09/05/2022 00:10, Ray Bellis wrote:
>> Is there any case law where someone has asserted a database right for a DNS zone?
>> It seems like a rather stupid thing to do. If someone asserted such a
>> right, I would make sure not to infringe it by ensuring no entries
>> from that database entered my DNS caches or other software.
> It wasn’t the zone itself as such - the concern was use of enumerated zone data to then perform bulk collection of Whois data.
>> Also, I see that in a decision last year the ECJ required "substantial
>> extraction" also caused "significant detriment" to the investment in
>> the database.  I'm having trouble coming up with a scenario in which copying
>> even the entire thing would impair the investment unless they are going to
>> assert that the structure of the names somehow gave away secrets about their
>> business plans.
> The detriment was scammers sending fake domain renewal notices.
> Also, this was 15 or so years ago now…

Many of the ccTLD registries used to be more open about publishing zones 
and new registrations. Nominet, the .UK registry, took legal action 
against a few operations that were scraping its WHOIS. The gTLDs also 
had major issues with fake renewal notices.

Around 2003, many of the ccTLD registries in Europe subsequently went 
dark on publishing anything other than statistics. Many registrants, at 
the time, were being hit with directory invoice scams rather than 
renewal scams.

Outside the US, there has been an on-going shift to ccTLDs since about 
2005. In many of these countries, the local ccTLD has more new 
registations each month than new registrations in gTLDs like .COM/NET/ORG.

With the gTLDs, the domain renewal scams still exist but they are far 
rarer now. The search engine submission scams seem to have taken over 
but they are also dependent on old WHOIS data and a lot of them 
disappeared in 2018 because of GDPR limiting WHOIS data. Some of the 
European ccTLDs now publish their zones or lists of registations as the 
legal framework has improved. Most no longer publish comprehensive WHOIS 

John McCormac  *  e-mail: jmcc at
MC2            *  web:
22 Viewmount   *  Domain Registrations Statistics
Waterford      *  Domnomics - the business of domain names
Ireland        *
IE             *  Skype:

This email has been checked for viruses by Avast antivirus software.

More information about the NANOG mailing list