Category Archives for "Potaroo blog"


The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together DNS service operators, DNS software implementors, and researchers together to share concerns, information and learn together about the operation and evolution of the DNS. They meet between two to three times a year in a workshops format. The most recent workshop was held in Charlotte, North Carolina in early February 2024. Here are my thoughts on the material that was presented and discussed at this workshop.

DNS and the DELEG Proposal

The DNS is a large-scale distributed database, where the internal structure of the databaase mirrors the hierarchical nature of the name space itself. In the database the points of delegation from one node to another are de noted by DNS Nameserver records. This structure has served the DNS adequately for many decades, so why change it?

IP Addresses through 2023

Time for another annual roundup from the world of IP addresses. Let’s see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself.

BGP in 2023 – BGP Updates

the scalability of BGP as the Internet’s routing protocol is not just dependant on the number of prefixes carried in the routing table. BGP protocol behaviour in the form of dynamic routing updates are also part of this story. If the update rate of BGP is growing faster than we can deploy processing capability to match, then the routing system will lose coherence, and at that point the network will head into periods of instability. This report looks at the profile of BGP updates across 2023 to assess whether the stability of the routing system, as measured by the level of BGP update activity, is changing.

BGP in 2023 – Have we reached Peak IPv4?

At the start of each year, I’ve been reporting on the behaviour of the Internet’s inter-domain routing system over the previous 12 months, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet. The year 2023 marks a significant point in the evolution of the Internet where the strong growth numbers that were a constant feature of the past thirty years are simply not present in the data. Not only is the Internet’s growth slowing down significantly, but in the IPv4 network it appears to be shrinking, which is unprecedented in the brief history of the Internet to date.

DNS at IETF 118

The IETF met in Prague in the first week of November 2023, and, as usual there was a flurry of activity in the DNS-related Working groups. Here's a roundup of those DNS topics I found to be of interest at that meeting.

Call the Routing Police!

There is a continual strewam of routing anomalies that are seen in today's Internet. Some are the result of operational mishaps, some are malicious and deliberate, but all of them have some impact. The latest routing mishap in Australia affected some 10 million customers when all their services, including telephony, IP, mobiles and fixed services all stopped. How can we enforce a set of requirements for service operators to do a better job? Where's the Routing Police to chase down these incidents and find out where poor operational practices are compromising the stability of the public Internet?

IPv6, the DNS and Happy Eyeballs

If we are going to update RFC 3901, "DNS IPv6 Transport Guidelines," and offer a revised set of guidelines that are more positive guidelines about the use of IPv6 in the DNS, then what should such updated guidelines say?

How We Measure: RPKI ROA Signing and Route Origination Validation

t APNIC Labs we publish a number of measurements of the deployment of various technologies that are being adopted on the Internet. Here we will look at how we measure the adoption of the signing of Route Origination Attestations (ROAs) as part of the framework for securing inter-domain routing on the Internet using the digital credential framework provided by the Resource Public Key Infrastructure (RPKI).

Notes from NANOG 89: BGP Error Handling

Distributed routing protocols rely on each active router processing routing updates in an identical manner. Given that there are so many implementation of the BGP routing protocol then the role of a clear standard specification is critical. This extends to the handling of error conditions. What happens when some implementations handle errors in a different manner to all the others?

Internet Governance in 2023

In 2005 the UN-sponsored World Summit on the Information Society (WSIS) eventually agreed on a compromise approach that deferred any determination on the matter of the governance of the Internet and instead decided to convene a series of meetings on the underlying policy principles relating to Internet Governance. Hence, we saw the inauguration of a series of Internet Governance Forum (IGF) meetings. These forums were intended to be non-decisional forums for all stakeholders to debate the issues. Eighteen later this is still going on. After so long is there anything left to talk about?

Notes from OARC 41

OARC held a 2-day meeting in September in Danang, Vietnam, with a set of presentations on various DNS topics. Here’s some observations that I picked up from the presentations that were made that meeting.

DNS is the new BGP

One of the big changes within the Internet over the last decade or so has been the shift to replicated services. Service replication allows each individual service point to be positioned closer to clusters of users. The question now becomes who (and how) selects the "best" service point to use in response to each user's service request. It seems that in many cases the answer is the DNS, and not the BGP routing protocol.

Chipping Away

So far, the silicon technology at the heart of this revolution has been truly prodigious. The processes of assembling silicon wafers and the superimposition of tracks and gates hs been the subject of continual refinement, and some 75 years after the invention of the transistor we are now able to cram almost a trillion of them onto a silicon wafer not much biggeer than a fingernail. Have we reached the end of this silicon road, or is there more to come?

Measuring the Use of DNSSEC

It's challenging to measure the uptake of DNSSEC in the DNS. There are just so many aspects of the DNS that are occluded from view! How many DNS names are there in the DNS? How many of these are signed? How many queries are processed by DNS infrastructure? How many queries add DNSSEC validcation. We present a new measurement here which is a query-weighted view of the DNS, looking the amount of queries for DNS names that are DNSSEC-signed as a proportion of the total query load.


The IEPG meets for a couple of hours before each IETF meeting. It's a somewhat eclectic collection of presentations, with some vague common thread of relevance to Internet operations. Here's a summary of my impression from these IEPG session presentations for IETF 117.
1 2 3 17