Zone Enumeration Issue, Controversy, and NSEC3
Although the goal of DNSSEC is to increase security, DNSSEC as defined in RFCs 4033 through 4035 introduces a new problem that many believe is a new security vulnerability: the zone enumeration (aka zone walking) issue. DNSSEC forces the exposure of information that by normal DNS best practice is kept private. NSEC3 (RFC 5155) was developed to address this issue; it was released in March 2008. NSEC3 mitigates, but does not eliminate, zone enumeration, since it is possible to exhaustively search the set of all possible names in a zone.