Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

Masataka Ohta mohta at necom830.hpcl.titech.ac.jp
Thu May 12 10:16:24 UTC 2022


John McCormac wrote:

>> There are various ways, such as crawling the web, to enumerate
>> domain names.

> That is not an efficient method.

Not a problem for large companies or botnets. So, only
small legal players suffer from hiding zone information.

>> For example, large companies such as Google can obtain an enumerated
>> list of all the current most active domains in the world, which
>> can, then, be used to access whois.
> 
> What Google might obtain would be a list of domain names with websites. 
> The problem is that the web usage rate for TLDs varies with some ccTLDs 
> seeing a web usage rate of over 40% (40% of domain names having 
> developed websites) but some of the new gTLDs have web usage rates below 
> 10%. Some of the ccTLDs have high web usage rates.

You misunderstand my statement. Domain names not offering
HTTP service can also be collected by web crawling.

>> Hiding DNS zone information from the public is beneficial to powerful
>> entities such as Google.
> 
> In some respects, yes.

Google can also use Gmail to collect domain names used by
sent or received e-mails.

> But there is a problem with that because of all 
> the FUD about websites linking to "bad" websites that had been pushed in 
> the media a few years ago.

Is your concern privacy of "bad" websites?

> Another factor that is often missed is the renewal rate of domain names.

That's not a problem related to enumeration of domain names.

> A lot of personal data 
> such as e-mail addresses, phone numbers and even postal addresses have 
> been removed from gTLD records because of the fear of GDPR.

As I have been saying, the problem, *if* *any*, is whois. So?

> The zones change. New domain names are registered and domain names are 
> deleted. For many TLDs, the old WHOIS model of registrant name, e-mail 
> and phone number no longer exists. And there are also WHOIS privacy 
> services which have obscured ownership.

As I wrote:

: Moreover, because making ownership information of lands and
: domain names publicly available promotes public welfare
: and domain name owners approve publication of such
: information in advance, there shouldn't be any concern
: of privacy breach forbidden by local law of DE.

that is not a healthy movement.

						Masataka Ohta

