Comcast is 1st major U.S. ISP to roll out DNSSEC


Twitter post from Comcast Tom re: DNSSEC rollout

Comcast has begun migrating customers to DNS servers using DNSSEC protections as part of its production roll-out of DNSSEC. Comcast executive director for Internet systems Jason Livingood tells us, “So far this year, our production deployment trial has been opt-in only.  Starting [this week], customer DNS IP addresses will start to change via DHCP lease updates.”  The announcement notes that:

Best of all, customers will not need to take any action and should not notice any changes to their service, though behind-the-scenes that service will be more secure. As the first major Internet Service Provider (ISP) to do so in the United States, our customers are among the first to be getting these new security capabilities, which is part of our continuing push for a more secure Internet experience for both our customers as well as the global Internet.

Livingood also notes that, as part of the roll-out, “we have deliberately broken DNSSEC for a domain so we and others
can test what happens when validation breaks.”  The results are here.

Comcast also has made available a DNSSEC public service announcement for its customers, featuring G4 Network’s “Attack of the Show” co-host Kevin Pereira:

Comments are closed.