Domain Name System Security Extensions - Zone Enumeration Issue, Controversy, and NSEC3

Zone Enumeration Issue, Controversy, and NSEC3

Although the goal of DNSSEC is to increase security, DNSSEC as defined in RFCs 4033 through 4035 introduces a new problem that many believe is a new security vulnerability: the zone enumeration (aka zone walking) issue. DNSSEC forces the exposure of information that by normal DNS best practice is kept private. NSEC3 (RFC 5155) was developed to address this issue; it was released in March 2008. NSEC3 mitigates, but does not eliminate, zone enumeration, since it is possible to exhaustively search the set of all possible names in a zone.
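Why NSEC3 only mitigates enumeration, as an added example (not from the original page or from any DNS project): the RFC 5155 owner-name hash is deterministic given the zone's public salt and iteration count, so an operator can audit which of their own names a wordlist guess reproduces. The parameters and the first three hashes are the RFC 5155 Appendix A test zone; the fourth name, the wordlist, and the helper `audit_guessable` are constructed for illustration.

```python
import base64
import hashlib

# RFC 4648 base32 -> base32hex ("extended hex") alphabet, as RFC 5155 requires.
_B32_TO_B32HEX = bytes.maketrans(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    b"0123456789ABCDEFGHIJKLMNOPQRSTUV",
)

def wire_name(name: str) -> bytes:
    """Canonical (lowercase) DNS wire format of a fully qualified name."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 section 5 hash (algorithm 1, SHA-1), base32hex, lowercase."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):  # 'iterations' counts the additional rounds
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32_TO_B32HEX).decode().lower()

def audit_guessable(zone, salt_hex, iterations, published, wordlist):
    """Return {hash: name} for published hashes that a wordlist guess reproduces."""
    names = [zone] + [f"{label}.{zone}" for label in wordlist]
    guesses = {nsec3_hash(n, salt_hex, iterations): n for n in names}
    return {h: n for h, n in guesses.items() if h in published}

# Constructed sample: hashes as they would appear as NSEC3 owner names.
ZONE, SALT, ITER = "example", "aabbccdd", 12
PUBLISHED = {
    "0p9mhaveqvm6t7vbl5lop2u3t2rp3tom",  # example (RFC 5155 Appendix A)
    "2t7b4g4vsa5smi47k61mv5bv1a22bojr",  # ns1.example (RFC 5155 Appendix A)
    "35mthgpgcu1qg68fab165klnsnk3dpvl",  # a.example (RFC 5155 Appendix A)
    nsec3_hash("zq7x-41kd9.example", SALT, ITER),  # made-up high-entropy label
}
WORDLIST = ["www", "mail", "ns1", "a", "vpn"]  # hypothetical audit wordlist

if __name__ == "__main__":
    hits = audit_guessable(ZONE, SALT, ITER, PUBLISHED, WORDLIST)
    for h in sorted(PUBLISHED):
        print(h, hits.get(h, "(not recovered by this wordlist)"))
```

Names built from common labels are recovered regardless of salt or iteration count; only the high-entropy label stays hidden, which is the sense in which NSEC3 mitigates rather than eliminates the issue.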
