> On Mar 24, 2015, at 11:11 AM, Warren Kumari <war...@kumari.net> wrote:
>>>> There is a paper "Stretching NSEC3 to the Limit: Efficient Zone
>>>> Enumeration Attacks on NSEC3 Variants" by Sharon Goldberg et al, which
>>>> covers some of the trivial solutions and explains why it won't work:
>>>>
>>>> http://www.cs.bu.edu/~goldbe/papers/nsec3attacks.pdf
>>>>
>
> Yes, this was presented at (IIRC) DNS-OARC in Los Angeles. While the
> paper is correct, my view of the response was "shrug", and "this is
> not a problem worth spending resources to solve". While some zone
> operators want to minimize zone enumeration, it's not really viewed as
> a huge issue. This is like buying a triple hardened bank vault door to
> protect a slice of cake.
And if you REALLY want this, TODAY, get a HSM (optional), program it to ONLY sign NSEC3 records, and just dynamically sign (and cache) NSEC3 records for your NXDOMAINs.

You use the HSM to protect the key if you are paranoid, and you get "no enumeration" records. By caching the responses, you prevent a DOS from preventing you from serving up common NXDOMAIN records, and the DOS only affects the NXDOMAIN side anyway: you can probably get the same results in most cases by serving up an NXDOMAIN without an NSEC3 RRSET, as the resolver will go "this doesn't validate" and give a servfail anyway.

--
Nicholas Weaver                  it is a tale, told by an idiot,
nwea...@icsi.berkeley.edu                full of sound and fury,
510-666-2903                           .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
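To make the "dynamically sign and cache" idea above concrete, here is an added Python sketch (example code written for this page, not from the thread or from any DNS server) that computes RFC 5155 NSEC3 hashes, builds a minimally covering NSEC3 record for a non-existent name, and caches one signature per name; the `sign` callable is an assumed stand-in for the HSM, and the hashed-name format follows RFC 5155.

```python
import hashlib
import base64

# Standard base32 -> base32hex (RFC 4648), the alphabet NSEC3 owner names use.
B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                              "0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lowercase) uncompressed wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name, salt, iterations):
    """RFC 5155 section 5: SHA-1(x || salt), re-applied `iterations` more times."""
    h = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        h = hashlib.sha1(h + salt).digest()
    return h

def b32hex(digest):
    """Unpadded base32hex of a hash, as it appears in an NSEC3 owner name."""
    return base64.b32encode(digest).decode("ascii").rstrip("=").translate(B32_TO_B32HEX)

def covering_nsec3(qname, salt, iterations):
    """Minimal covering NSEC3 ('white lie'): owner = H(qname)-1, next = H(qname)+1.
    Neither neighbour is the hash of a real name, so the record proves only that
    H(qname) is absent and leaks nothing about the rest of the zone."""
    n = int.from_bytes(nsec3_hash(qname, salt, iterations), "big")
    mod = 1 << 160  # the NSEC3 hash space is circular
    owner = ((n - 1) % mod).to_bytes(20, "big")
    nxt = ((n + 1) % mod).to_bytes(20, "big")
    return b32hex(owner), b32hex(nxt)

class NxdomainSigner:
    """Builds and signs one covering NSEC3 per queried name, then serves it from
    cache, so a flood of repeated NXDOMAIN queries costs one signature, not many.
    `sign` stands in for the HSM call (assumption: any callable str -> str)."""
    def __init__(self, salt, iterations, sign):
        self.salt, self.iterations, self.sign = salt, iterations, sign
        self.cache, self.signatures_made = {}, 0

    def respond(self, qname):
        key = qname.lower().rstrip(".")
        if key not in self.cache:
            owner, nxt = covering_nsec3(key, self.salt, self.iterations)
            # RDATA: hash-alg(1=SHA-1) flags iterations salt next-hashed-owner
            rdata = f"1 0 {self.iterations} {self.salt.hex() or '-'} {nxt}"
            self.cache[key] = (owner, rdata, self.sign(owner + " NSEC3 " + rdata))
            self.signatures_made += 1
        return self.cache[key]

# Constructed stand-in for the HSM: a hash of the record, not a real RRSIG.
fake_hsm = lambda data: hashlib.sha256(data.encode("ascii")).hexdigest()
```

A complete NXDOMAIN proof also needs the closest-encloser and wildcard-cover NSEC3 records (RFC 5155 section 7.2.2); this sketch shows only the record covering the queried name itself.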
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop