Potaroo blog

Author Archives: Potaroo blog

Addressing 2018

Time for another annual roundup from the world of IP addresses. Let's see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself.

BGP in 2018 – Part2: BGP Churn

The scalability of BGP as the Internet’s routing protocol is not just dependant on the number of prefixes carried in the routing table. Dynamic routing updates are also part of this story. If the update rate of BGP is growing faster than we can deploy processing capability to match then the routing system will lose data, and at that point the routing system will head into turgid instability. This second part of the report of BGP across 2018 will look at the profile of BGP updates across 2018 to assess whether the stability of the routing system, as measured by the level of BGP update activity, is changing.

BGP in 2018 – Part1: The BGP Table

It has become either a tradition, or a habit, each January for me to report on the experience with the inter-domain routing system over the past year, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet.

IPv6 in China

China has an estimated Internet user population of 741 million, out of a total population of 1.4 billion people. If there was extensive deployment of IPv6 services in China, then the case that IPv6 has already achieved critical mass of deployment would be easy to make. On the other hand, if such a significant user population had no IPv6 service and no visible plans for IPv6 services, then the entire conversation about the times and certainties about the future of IPv6 takes on a different direction. Which means that China matters in the world of IPv6. It matters a lot.

Internet Economics

The way in which we communicate, and the manner, richness and reach of our communications has a profound impact on the shape and function of our economy and our society, so its perhaps entirely proper that considerations of the manner in which we develop and tune public policies in this industry take place in open forums. One way is to bring together the various facets of how we build, operate and use the Internet and look at these activities from a perspective of economics and public policy.

What’s the Time?

Computers have always had clocks. Knowing the time is important to many computer functions. In a networked world its not only important to know the time, but its equally important to know the right time. But how accurate are all these computer clocks? Lets find out.

Analyzing the KSK Roll

It's been more than two weeks since the roll of the Key Signing Key (KSK) of the root zone on October 11 2018, and it's time to look at the data to see what we can learn from the first roll of the root zone's KSK.

Diving into the DNS

DNS OARC organizes two meetings a year. They are two-day meetings with a concentrated dose of DNS esoterica. Here’s what I took away from the recent 29th meeting of OARC, held in Amsterdam in mid-October 2018.


The level of interest in the general topic of routing security seems to come in waves in our community. At times it seems like the interest from network operators, researchers, security folk and vendors climbs to an intense level, while at other times the topic appears to be moribund. If the attention on this topic at NANOG 74 is anything to go by we seem to be experiencing a local peak.


If you had the opportunity to re-imagine the DNS, what might it look like? Normally this would be an idle topic of speculation over a beer or two, but maybe there’s a little more to the question these days. We are walking into an entirely new world of the DNS when we start to think about exactly might be possible when we look at DNS over HTTPS, or DOH.

Measuring the KSK Roll

It has been a trade-off between waiting long enough to have the key sentinel mechanism deployed in sufficient volume in resolvers to generate statistically valid outcomes and yet start this measurement prior to the planned roll of the KSK on 11th October 2018. These are early results, and reflect less than one week of measurement, but some strong signals are evident in the data.

The Law of Snooping

There is a saying, attributed to Abraham Maslow, that when all you have is a hammer then everything looks like a nail. A variation is that when all you have is a hammer, then all you can do it hit things! For a legislative body, when all you can do is enact legislation, then that’s all you do! Even when it’s pretty clear that the underlying issues do not appear to be all that amenable to legislative measures, some legislatures will boldly step forward into the uncertain morass and legislate where wiser heads may have taken a more cautious and considered stance.


In this article I'd like to look at the roles of Security Extensions for the DNS (DNSSEC) and DNS over Transport Layer Security (DoT) and question DoT could conceivably replace DNSSEC in the DNS.

Measuring ECDSA in DNSSEC – A Final Report

Four years ago we started looking at the level of support for ECDSA in DNSSEC. At the time we concluded that ECDSA was just not supported broadly enough to be usable. Four years later, let's see if we can provide an updated answer to the question of the viability of ECDSA.

The Uncertainty of Measuring the DNS

In this article I’d like to explore a common aspect of measurements of the Internet’s Domain Name system. It’s nowhere near as formally stated as Heisenberg’s Uncertainty Principle, and cannot be proved formally, but the assertion is very similar, namely that there is a basic limit to the accuracy of measurements that can be made about the behaviour and properties of the DNS.

Another 10 Years Later

The evolutionary path of any technology can often take strange and unanticipated turns and twists. At some points simplicity and minimalism can be replaced by complexity and ornamentation, while at other times a dramatic cut-through exposes the core concepts of the technology and removes layers of superfluous additions. The evolution of the Internet appears to be no exception and contains these same forms of unanticipated turns and twists. In thinking about the technology of the Internet over the last ten years, it appears that it’s been a very mixed story about what’s changed and what’s stayed the same.

What Drives IPv6 Deployment?

It's been six years since World IPv6 Launch day on the 6th June 2012. In those six years we've managed to place ever increasing pressure on the dwindling pools of available IPv4 addresses, but we have still been unable to complete the transition to an all-IPv6 Internet.

Measuring ATR

One of the more pressing and persistent problems today is the treatment of fragmented packets. We are seeing a very large number of end-to-end paths that no longer support the transmission of fragmented IP datagrams. What can the DNS do to mitigate this issue?