Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

John Levine johnl at
Tue May 10 03:40:00 UTC 2022

It appears that Rubens Kuhl <rubensk at> said:
>> It's perfectly reasonable to claim a database right in the WHOIS data,
>> but the offense is scraping WHOIS, not enumerating the DNS zone. ...

>The zone file could be seen as an accessory to the database rip-off.
>For instance, it would be hard to see such a dependency on Alexa 1M
>top domains, since they are already enumerated. But some spam actors
>deliberately compared zone file editions to single out additions, and
>then harass the owners of newly registered domains, both by e-mail and

Yeah, I know, and some of us download and diff zone files every day to
see what's new to track abuse trends.  That doesn't annoy anyone other
than perhaps people whose phish campaigns it might disrupt.

Once again, the issue is WHOIS scraping, not the DNS.


More information about the NANOG mailing list