Speaker
Mr
Bert Hubert
(PowerDNS)
Description
Using techniques inspired by the HyperLogLog counting algorithm, it has proven possible to rapidly measure the number of DNSSEC-signed delegations worldwide for both NSEC and NSEC3 zones, using around 4096 queries per zone.
In this presentation, I will briefly describe HyperLogLog & then how this maps to NSEC names and NSEC3 hashes. I will also discuss how reliable results from measuring DNSSEC penetration this way can be in theory, and outline how theory matches reality.
Finally, I'll run a fresh scan of the internet during the last few slides so we can see the state of DNSSEC penetration "right now", and offer some insights on particularly interesting zones.
Compared to the existing 'hypernsec3' article posted earlier, this presentation adds discussion of the precision and accuracy of this technique, plus I will present fresh numbers.
References: https://ds9a.nl/hypernsec3 and https://powerdns.org/dnssec-stats/
| Talk Duration | 30 Minutes |
|---|
Primary author
Mr
Bert Hubert
(PowerDNS)
