medium Nessus Plugin ID 59959
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote host may disclose the hostnames of other systems.


The remote DNSSEC server uses NSEC records for negative answers to queries for its zone(s). NSEC records link to additional existing domains. These existing domains can be used to craft further queries that will lead to further NSEC records and thus further domains. This process can be repeated until all domains in the zone(s) are disclosed.


Remove NSEC records for the affected zones and use an NSEC3 signing algorithm.

See Also


Plugin Details

Severity: Medium

ID: 59959

File Name: dnssec_nsec.nasl

Version: Revision: 1.2

Type: remote

Family: DNS

Published: 7/12/2012

Updated: 7/26/2012

Dependencies: dnssec_resolver.nasl

Risk Information


Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: DNSSEC/udp/53, DNSSEC/zone