Domain Name System (DNS) is an ubiquitous and essential component of the Internet. It performs translations between identifiers and resources (mostly domain names and computers, but not only), yet remains often invisible to the user. But DNS is not harmless: although not intended to be a general purpose database, it has been extended to incorporate additional types of information. Including information that should not be there. In this talk we show how to exploit DNSSEC zone walking to perform advanced recon operations, on a real case, namely to obtain client private information from a large European cloud provider. This constitutes the first practical zone walking attack at such a scale. Using this exploit we collected a substantial amount of private information, enough to share some interesting statistics. By the end of this talk, you will have everything you need to know to perform similar attacks -- and resist them.