Recent Articles
DNS Nameservers
December 2024
It's common folklore in the Domain Name System that a delegated domain name must be served by 2 or more nameservers. This guidance raises a couple of questions. Firstly, when presented with a list of nameservers for a domain how do recursive resolvers respond? Do they send queries to all of the nameservers at once? Or do they serialise their actions in looking for a responsive nameserver? Secondly, if these queries are serialised, then how can a domain administrator organise the zone’s nameservers to maximise both DNS resolution performance and service resilience? More...
Post-Quantum Cryptography
November 2024
If we ever get to the point of being able to build capable quantum computers when much of the security infrastructure of today's digital world is at risk. For some its not "if" but "when" and if that's the case then its already time to prepare. More...
DNS OARC 43
November 2024
The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together DNS service operators, DNS software implementors, and researchers together to share concerns, information and learn together about the operation and evolution of the DNS. The most recent DNS OARC workshop was held in Prague, October 2024. Here are my thoughts on some of the material that was presented and discussed at this workshop.More...
How We Measure: ISP User Counts
November 2024
At APNIC Labs we generate, on a daily ongoing basis, our estimate of the number of users per ISP for every ISP that we see on the Internet through the ad-based measurement platform. This report is published at the URL: https://stats.labs.apnic.net/aspop. As far as we are aware this is the only such public data set that encompasses the entirety of the public Internet. Here I would like to explain how we calculate this data. More...
Ethernet at NANOG 92
October 2024
Ethernet has been the mainstay of much of the networking environment for almost 50 years now, but that doesn't mean that it’s remained unchanged over that period. The evolution of this technology has featured continual increases in the scale of Ethernet networks, increasing in capacity, reach and connections. I’d like to report on a couple of Ether-related presentations that took place at the recent NANOG 92 meeting, held in Toronto in October 2024 that described some recent developments in Ethernet. More...
The IPv6 Transition
October 2024
I wrote an article in May 2022, asking “Are we there yet?” about the transition to IPv6. At the time I concluded the article on an optimistic note, observing that we may not be ending the transition just yet, but we are closing in. I thought at the time that we won’t reach the end of this transition to IPv6 with a bang, but with a whimper. A couple of years later, I’d like to revise these conclusions with some different thoughts about where we are heading and why. More...
The Size of Packets
October 2024
We've now been running packet-switched networks for many decades, and these days it's packets and not virtual circuits lie behind most of the world's digital communications service. But some very fundamental questions remain unanswered in this packet-switched world. Perhaps the most basic questions is: "How big should a packet be?" And, surprisingly enough, there is no clear answer! More...
The Evolution of PON
September 2024
The evolution of wired access networks for suburban reticulation has been driven by a special set of economic and technical circumstances. Infrastructure assets are in this sector need to have an extended service life in order to by financially viable. While optical technology continues to evolve rapidly the challenge is to map this changing technology on to a fixed fibre cable plant. More...
Looking for 240/4 Addresses
September 2024
In the IANA IPv4 Address registry a block of addresses, 240.0.0.0/4 is marked as reserved for "Future Use"". If we have run out of available IPv4 addresses, then why are some quarter of a billion IPv4 addresses still sitting idle in an IANA registry waiting for an undefined Future Use?More...
Bytes from IETF 120 - A Few Routing Topics
July 2024
There was, as usual, a lot of work in the area of Inter-Domain Routing at IETF 120. There were a few routing-related topics that at IETF 120 that caught my attention. More...
Bytes from IETF 120 - Deep Space IP
July 2024
It has been an enduring fascination to see how we could use packet networking in the context of digital communications in space. Why can't we just use the IP protocol suite and declare success? The tricky issue with space is that it is really very big! More...
Bytes from IETF 120 - DNS Topics
July 2024
As usual, the recent IETF meeting contained a large set of topics related to the Domain Name Systems and its operation. Here's a quick rundown on some DNS topics that caught my eye. More...
Bytes from IETF 120 - BBR 1,2,3
July 2024
On the topic of TCP performance optimisation I’d like to dwell on one particular presentation from the ACM/IRTF Applied Networking Research Workshop held at IETF 120, "BBRv3 in the public Internet: a boon or a bane?"More...
Privacy and DNS Client Subnet
July 2024
To ensure service consistency in a Content Distribution Network (CDN) replicated instances of the content are named with the same DNS name, and the DNS conventionally offers the same resolution outcome to each user when they query for the IP address of the content server. How can the CDN "steer" each user to the closest instance of the desired content to optimise the subsequent content transaction? At the same time the user is revealing their location within the network to inform this steering decision. To what extent is such a steering function compromising the privacy expectations of users with respect to the location and their online actions? More...
Revisiting DNS and Truncation
July 2024
The choice of UDP as the default transport for the DNS was not a completely unqualified success. On the positive side, the stateless query/response model of UDP has been a good fit to the stateless query/response model of DNS transactions between a client and a server. On the other hand, these same minimal overheads imply that DNS over UDP cannot perform prompt detection of packet loss and cannot efficiently defend itself against various approaches to tampering with the DNS, such as source address spoofing, payload alteration and third-party packet injection. Perhaps most importantly, the way UDP handles large payloads is a problem. More...
DNS Evolution
June 2024
The DNS has always been a crucial part of the overall Internet architecture. However, the DNS is not a rigid and unchanging technology. It has changed considerably over the lifetime of the Internet and here I’d like to look at what’s changed and what’s remained the same. More...
Routing Topics at RIPE 88
June 2024
RIPE 88 was held in May 2024 at Krakow, Poland. Here’s as summary of some of the routing topics that were presented at that meeting that I found to be of interest. More...
DNS Topics at RIPE 88
June 2024
RIPE 88 was held in May 2024 at Krakow, Poland. Here’s as summary of some of the DNS topics that were presented at that meeting that I found to be of interest. More...
Calling Time on DNSSEC
May 2024
Through the lack of clear signals of general adoption of DNSSEC over three decades, then is it time to acknowledge that DNSSEC is just not going anywhere? Is it time to call it a day for DNSSEC and just move on? More...
A Transport Protocol’s View of Starlink
May 2024
Let's look at the Starlink at a protocol level, and how TCP, the workhorse transport protocol of the Internet, interacts with the somewhat unique characteristics of Starlink's service. More...
IPv6 Prefix Lengths
April 2024
These days its up to IPv6 Service providers to determine what IPv6 address prefix length they assign to each customer. This leads to the question: What lengths are commonly used for customer assignments? Let's see if we can answer it. More...
DNSSEC and .nz
April 2024
It’s a welcome sight to see a careful and thoughtful analysis of a service outage. One such instance was a presentation by .nz's Josh Simpson at the recent NZNOG meeting, reporting on a service outage for .nz domains. More...
Coherent Optical Transceivers
April 2024
I had the opportunity to participate in the New Zealand Network Operators Group meeting (NZNOG) in Nelson earlier this month. This article was prompted by a presentation from Thomas Weible of Flexoptix at NZNOG on the topic of Coherent Optical Transceivers. More...
DNS Topics at IETF119
March 2024
The Internet is rapidly shifting to a name-based network and the DNS is now the underlying technology that lies the core of today's network. So, let’s see what we are currently thinking about in terms of names and the DNS at the recent IETF meeting. More...
Adding IPv6-only to DNS and Truncation in UDP
March 2024
We repeat the measurements of the behaviour of the DNS when processing truncated UDP responses, but this time we've constrained the measurement so that only IPv6-capable DNS resolvers are being measured. Does this make the results better or worse? More...
KeyTrap!
March 2024
Yet another DNS vulnerability has been exposed. The language of the press release revealing the vulnerabil;ity is certainly dramatic, with "devasting consequences" and the threat to "completely disable large parts of the worldwide Internet."" If this is really so devastating then perhaps we should look at this in a little more detail to see what’s going on, how this vulnerability works, and what the response has been. More...
Opinion: Digital Sovereignty and Internet Standards
March 2024
There is a view that Internet standards, and the IETF in particular, are at the centre of many corporate and national strategies to exert broad influence and shape the internet to match their own preferred image. This view asserts that standards have become the most important component of the Internet’s infrastructure. Due to their economic and strategic importance, the process of creation of internet standards are inevitably subject to the intense economic and political tensions between diverse world views. There are, naturally, other views, along the lines that the IETF does little other than reflect the more general pressures and directions being taken by industry actors, and has no ability to exert any leadership role in this space. More...
DNS and Truncation in UDP
February 2024
I’ll press on with another item within an overall theme of some current work in DNS behaviours with a report of a recent measurement on the level of compliance of DNS resolvers with one aspect of standard-defined DNS behaviour: truncation of DNS over UDP responses. More...
DNS OARC 42
February 2024
The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together DNS service operators, DNS software implementors, and researchers together to share concerns, information and learn together about the operation and evolution of the DNS. They meet between two to three times a year in a workshops format. The most recent workshop was held in Charlotte, North Carolina in early February 2024. Here are my thoughts on the material that was presented and discussed at this workshop. More...
DNS and the DELEG Proposal
February 2024
The DNS is a large-scale distributed database, where the internal structure of the databaase mirrors the hierarchical nature of the name space itself. In the database the points of delegation from one node to another are de noted by DNS Nameserver records. This structure has served the DNS adequately for many decades, so why change it? More...
IP Addresses through 2023
January 2024
Time for another annual roundup from the world of IP addresses. Let’s see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself.More...
BGP in 2023 – BGP Updates
January 2024
The first part of this annual report looked at the size of the routing table and looked at some projections of its growth for both IPv4 and IPv6. However, the scalability of BGP as the Internet’s routing protocol is not just dependant on the number of prefixes carried in the routing table. BGP protocol behaviour in the form of dynamic routing updates are also part of this story. If the update rate of BGP is growing faster than we can deploy processing capability to match, then the routing system will lose coherence, and at that point the network will head into periods of instability. This report looks at the profile of BGP updates across 2023 to assess whether the stability of the routing system, as measured by the level of BGP update activity, is changing. More...
BGP in 2023 – Have we reached Peak IPv4?
January 2024
At the start of each year, I’ve been reporting on the behaviour of the Internet’s inter-domain routing system over the previous 12 months, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet. The year 2023 marks a significant point in the evolution of the Internet where the strong growth numbers that were a constant feature of the past thirty years are simply not present in the data. Not only is the Internet’s growth slowing down significantly, but in the IPv4 network it appears to be shrinking, which is unprecedented in the brief history of the Internet to date. More...
Models of Trust for the RPKI
December 2023
A report on a feasibility study looking at an alternative trust anchor structure for the Resource Public Key Infrastructure (RPKI). More...
Measurement and Analysis of Protocols at IETF 118
December 2023
At IETF 118 in November 2023 I attended the meeting of the Measurement and Analysis of Protocols Research Group, and here are my impressions from that meeting.More...
DNS at IETF 118
November 2023
The IETF met in Prague in the first week of November 2023, and, as usual there was a flurry of activity in the DNS-related Working Groups. Here's a roundup of those DNS topics I found to be of interest at that meeting. More...
Call the Routing Police!
November 2023
There is a continual stream of routing anomalies that are seen in today's Internet. Some are the result of operational mishaps, some are malicious and deliberate, but all of them have some impact. The latest routing mishap in Australia affected some 10 million customers when all their services, including telephony, IP, mobiles and fixed services all stopped. How can we enforce a set of requirements for service operators to do a better job? Where's the Routing Police to chase down these incidents and find out where poor operational practices are compromising the stability of the public Internet? More...
IPv6, the DNS and Happy Eyeballs
November 2023
If we are going to update RFC 3901, "DNS IPv6 Transport Guidelines," and offer a revised set of guidelines that are more positive guidelines about the use of IPv6 in the DNS, then what should such updated guidelines say? More...
How We Measure: RPKI ROA Signing and Route Origination Validation
November 2023
At APNIC Labs we publish a number of measurements of the deployment of various technologies that are being adopted on the Internet. Here we will look at how we measure the adoption of the signing of Route Origination Attestations (ROAs) as part of the framework for securing inter-domain routing on the Internet using the digital credential framework provided by the Resource Public Key Infrastructure (RPKI).More...
More Articles...