This is neat. I didn't know about that shortcoming of DNSSEC, but knowing now, I'll definitely use NSEC3.
I've also naively taken it for granted that some of my machines that're only running ssh on IPv6 wouldn't be subject to brute force attacks, but now I can see how someone might discover DNS names that aren't shared publicly. Good to know!
This is neat. I didn't know about that shortcoming of DNSSEC, but knowing now, I'll definitely use NSEC3.
I've also naively taken it for granted that some of my machines that're only running ssh on IPv6 wouldn't be subject to brute force attacks, but now I can see how someone might discover DNS names that aren't shared publicly. Good to know!