Zone Enumeration Issue, Controversy, and NSEC3
Although the goal of DNSSEC is to increase security, DNSSEC as defined in RFCs 4033 through 4035 introduces a new problem that many believe is a new security vulnerability: the zone enumeration (aka zone walking) issue. DNSSEC forces the exposure of information that by normal DNS best practice is kept private. NSEC3 (RFC 5155) was developed to address this issue; it was released in March 2008. NSEC3 mitigates, but does not eliminate, zone enumeration, since it is possible to exhaustively search the set of all possible names in a zone.
Read more about this topic: Domain Name System Security Extensions
Famous quotes containing the word zone:
“Just like those other black holes from outer space, Hollywood is postmodern to this extent: it has no center, only a spreading dead zone of exhaustion, inertia, and brilliant decay.”
—Arthur Kroker (b. 1945)