May 14 – 15, 2017
Europe/Madrid timezone

HyperLogLog inspired three-minute scan of DNSSEC delegations worldwide

May 14, 2017, 3:30 PM
Standard Presentation Public Workshop Public Workshop: Measurement


Mr Bert Hubert (PowerDNS)


Using techniques inspired by the HyperLogLog counting algorithm, it has proven possible to rapidly measure the number of DNSSEC-signed delegations worldwide for both NSEC and NSEC3 zones, using around 4096 queries per zone. In this presentation, I will briefly describe HyperLogLog & then how this maps to NSEC names and NSEC3 hashes. I will also discuss how reliable results from measuring DNSSEC penetration this way can be in theory, and outline how theory matches reality. Finally, I'll run a fresh scan of the internet during the last few slides so we can see the state of DNSSEC penetration "right now", and offer some insights on particularly interesting zones. Compared to the existing 'hypernsec3' article posted earlier, this presentation adds discussion of the precision and accuracy of this technique, plus I will present fresh numbers. References: and
Talk Duration 30 Minutes

Primary author

Mr Bert Hubert (PowerDNS)

Presentation materials