Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

Masataka Ohta mohta at
Wed May 11 12:31:56 UTC 2022

As I wrote:

>> But some spam actors
>> deliberately compared zone file editions to single out additions, and
>> then harass the owners of newly registered domains, both by e-mail and
>> phone.
> If that is a serious concern, stop whois.

There are various ways, such as crawling the web, to enumerate
domain names.

For example, large companies such as google can obtain enumerated
list of all the current most active domains in the world, which
can, then, be used to access whois.

Hiding DNS zone information from public is beneficial to powerful
entities such as google.

As such

>> A wrench can be a tool or a weapon, depending on how one uses it.
> The wrench is whois.

However, something like trust banks may be able to hide
privacy of domain name owners if such entities can be regulated
properly for people who want some privacy.

                              Masataka Ohta

More information about the NANOG mailing list