Zone Enumeration Issue, Controversy, and NSEC3
Although the goal of DNSSEC is to increase security, DNSSEC as defined in RFCs 4033 through 4035 introduces a new problem that many believe is a new security vulnerability: the zone enumeration (aka zone walking) issue. DNSSEC forces the exposure of information that by normal DNS best practice is kept private. NSEC3 (RFC 5155) was developed to address this issue; it was released in March 2008. NSEC3 mitigates, but does not eliminate, zone enumeration, since it is possible to exhaustively search the set of all possible names in a zone.
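The limit described above can be checked against your own zone. The following is an added example, not part of the original article: it computes the RFC 5155 NSEC3 owner-name hash (algorithm 1, SHA-1) and reports which names in a zone a wordlist recovers from the published hashes. The zone, its names and the wordlist are constructed sample data, and `guessable_names` and `audit_sample` are hypothetical helper names.

```python
import base64
import hashlib

# RFC 4648 base32 alphabet mapped to the base32hex alphabet used by NSEC3.
_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                           "0123456789abcdefghijklmnopqrstuv")

def wire_name(name):
    """Canonical (lowercased) DNS wire format of an owner name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 hash (SHA-1): salted, then re-hashed `iterations` more times."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).decode("ascii").translate(_TO_B32HEX)

def guessable_names(published_hashes, zone, salt_hex, iterations, wordlist):
    """Map each published hash to the wordlist-derived name that produces it."""
    published = set(published_hashes)
    found = {}
    for label in wordlist:
        candidate = f"{label}.{zone}"
        digest = nsec3_hash(candidate, salt_hex, iterations)
        if digest in published:
            found[digest] = candidate
    return found

# Constructed sample data: a hypothetical zone, its NSEC3 parameters, a wordlist.
ZONE, SALT, ITERATIONS = "example", "aabbccdd", 12
ZONE_NAMES = ["www.example", "mail.example", "k7q2x9-build-4f1c.example"]
WORDLIST = ["www", "mail", "ftp", "vpn", "dev"]

def audit_sample():
    """Names in the sample zone that a wordlist recovers from its hashes."""
    published = [nsec3_hash(n, SALT, ITERATIONS) for n in ZONE_NAMES]
    found = guessable_names(published, ZONE, SALT, ITERATIONS, WORDLIST)
    return sorted(found.values())

if __name__ == "__main__":
    print(audit_sample())
```

Names built from common labels are recovered despite the hashing, while the high-entropy name is not, so NSEC3 keeps a name private only to the extent that the name itself is hard to guess.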