Grant Taylor via dns-operations <[email protected]> wrote:
> On 4/12/21 7:51 PM, Viktor Dukhovni wrote:
> > my advice is to use NSEC unless you have an absolutely compelling
> > case to attempt to deter zone enumeration
>
> Would you please elaborate on why that is your opinion / advice?
>
> It seems contrary to the litmus test of which is more secure vs
> difficult to implement.
Well, NSEC3 is definitely complicated, difficult to understand and debug, and it has parameters that need some expertise to configure. At least Wes and Viktor have a draft in progress to provide advice to those who choose NSEC3.

https://tools.ietf.org/html/draft-hardaker-dnsop-nsec3-guidance

NSEC3 gives you two things that NSEC does not:

1. opt-out, useful for zones that have a very large number of unsigned delegations;

2. an obfuscated list of names in the zone.

Static NSEC3 can't provide any serious protection against zone enumeration, because DNS names are friendly to people and therefore an ideal candidate for password crackers. (If anyone populates their zones with the output from `pwgen` I will be both very entertained and eager to speak to their users.)

And NSEC3 can't use the kind of work-hardening that password hashes use to protect against cracking, because high iteration counts are absolute murder to both authoritative servers and validators. Hence Wes and Viktor's draft recommends an iteration count of 0 (i.e. hash once).

Maybe use NSEC3 if you have a stunt DNS server like Cloudflare's that is able to generate narrow NSEC3 denials, or if you are a large TLD without DNSSEC incentives, but otherwise NSEC3 gives you a lot of pain for no real benefit.

Tony.
-- 
f.anthony.n.finch <[email protected]> https://dotat.at/
North Bailey: Southwesterly 3 to 5. Moderate. Showers. Good.
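To make the iteration-count point concrete, here is an added example (not from the post or the draft) implementing the RFC 5155 NSEC3 owner-name hash (SHA-1, salt, iterations, base32hex) and counting how many SHA-1 calls a signer or validator spends per name. With iterations=0 each name costs exactly one hash, which is the setting the draft recommends; every extra iteration adds one more hash for every party that has to verify a denial. Names, salts and iteration counts below are constructed for illustration; the one fixed vector is the apex hash from RFC 5155 Appendix A.

```python
import base64
import hashlib

# RFC 4648 base32 -> base32hex alphabet (RFC 5155 section 5 uses base32hex)
_B32_STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_B32_HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV"
_TO_HEX = str.maketrans(_B32_STD, _B32_HEX)


def wire_name(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels, root terminator."""
    labels = [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"


def nsec3_hash(name, salt_hex="", iterations=0):
    """RFC 5155 section 5: IH(0) = H(x || salt), IH(k) = H(IH(k-1) || salt).

    Returns (hashed owner label in lowercase base32hex, number of SHA-1 calls spent).
    """
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    calls = 1  # iterations=0 still hashes once
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
        calls += 1
    label = base64.b32encode(digest).decode("ascii").translate(_TO_HEX).lower()
    return label, calls


def batch_hash_calls(names, salt_hex, iterations):
    """Total SHA-1 invocations needed to hash a batch of names (the per-name cost is symmetric:
    signer, validator and anyone guessing names all pay iterations+1 hashes per name)."""
    return sum(nsec3_hash(n, salt_hex, iterations)[1] for n in names)


if __name__ == "__main__":
    # RFC 5155 Appendix A parameters: salt aabbccdd, 12 iterations
    print(nsec3_hash("example.", "aabbccdd", 12))
    # constructed zone names: cost at iterations=0 versus a "hardened" 150
    names = ["www.example.", "mail.example.", "ns1.example."]
    for it in (0, 10, 150):
        print(it, batch_hash_calls(names, "", it))
```

The counts show why iterations buy nothing useful: the work is the same for the defender verifying one denial and for a guesser trying one candidate name, so a high count only makes every lookup slower.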
