Comcast DNSSEC

Scott Schmit i.grok at
Wed Jan 11 05:58:31 UTC 2012

On Tue, Jan 10, 2012 at 05:24:47PM -0600, Jeremy Bresley wrote:
> Hadn't seen this mentioned yet.
> Comcast has signed all their managed domains, as well as deployed
> DNSSEC resolvers for their customers.  And they're encouraging
> others to make the jump to DNSSEC now as well, especially
> e-comm/banking sites.

Very cool, but they haven't signed *all* of them. still
isn't signed, nor are any of the reverse zones, nor is
(in Comcast's SOAs).

You can probably quibble about whether the reverse zones are important,
but is quite a significant miss. (Email, DNS, their "more
information links", etc.)

Still, I'm glad they're doing it, and hopefully reality will catch up
with their announcement soon. :-)

Scott Schmit

More information about the NANOG mailing list