Question re prevention of enumeration with DNSSEC (NSEC3, etc.)
Masataka Ohta
mohta at necom830.hpcl.titech.ac.jp
Thu May 12 10:16:24 UTC 2022
John McCormac wrote:
>> There are various ways, such as crawling the web, to enumerate
>> domain names.
> That is not an efficient method.
Not a problem for large companies or botnets. So, only
small legal players suffer from hiding zone information.
>> For example, large companies such as google can obtain an enumerated
>> list of all the current most active domains in the world, which
>> can, then, be used to access whois.
>
> What Google might obtain would be a list of domain names with websites.
> The problem is that the web usage rate for TLDs varies with some ccTLDs
> seeing a web usage rate of over 40% (40% of domain names having
> developed websites) but some of the new gTLDs have web usage rates below
> 10%. Some of the ccTLDs have high web usage rates.
You misunderstand my statement. Domain names not offering
HTTP service can also be collected by web crawling.
>> Hiding DNS zone information from the public is beneficial to powerful
>> entities such as google.
>
> In some respects, yes.
Google can also use gmail to collect domain names used by
sent or received e-mails.
> But there is a problem with that because of all
> the FUD about websites linking to "bad" websites that had been pushed in
> the media a few years ago.
Is your concern privacy of "bad" websites?
> Another factor that is often missed is the renewal rate of domain names.
That's not a problem related to enumeration of domain names.
> A lot of personal data
> such as e-mail addresses, phone numbers and even postal addresses have
> been removed from gTLD records because of the fear of GDPR.
As I have been saying, the problem, *if* *any*, is whois. So?
> The zones change. New domain names are registered and domain names are
> deleted. For many TLDs, the old WHOIS model of registrant name, e-mail
> and phone number no longer exists. And there are also WHOIS privacy
> services which have obscured ownership.
As I wrote:
: Moreover, because making ownership information of lands and
: domain names publicly available promotes public welfare
: and domain name owners approve publication of such
: information in advance, there shouldn't be any concern
: of privacy breach forbidden by local law of DE.
that is not a healthy movement.
Masataka Ohta
More information about the NANOG mailing list