Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

Rubens Kuhl rubensk at
Tue May 10 03:09:55 UTC 2022

> It's perfectly reasonable to claim a database right in the WHOIS data,
> but the offense is scraping WHOIS, not enumerating the DNS zone.
> I could enumerate the DNS zone twice a day every day and so long as I stayed
> away from WHOIS, nobody would notice or care.

The zone file could be seen as an accessory to the database rip-off.
For instance, it would be hard to see such a dependency on Alexa 1M
top domains, since they are already enumerated. But some spam actors
deliberately compared zone file editions to single out additions, and
then harass the owners of newly registered domains, both by e-mail and

A wrench can be a tool or a weapon, depending on how one uses it.


More information about the NANOG mailing list