Comcast Launches First Public US Trial of DNSSEC 100
cryan7755 and netbuzz both sent along a NetworkWorld story on Comcast's public test deployment of DNSSEC. Here is the company's blog post announcing the trial.
"Comcast this morning announced what is believed to be the first public test deployment of DNS Security Extensions. The company says it has deployed DNSSEC throughout its nationwide network and will immediately make validating servers available to customers. In addition, Comcast said it would digitally sign all of its own domain names using DNSSEC by early next year. 'There is often talk about a chicken-and-egg sort of problem with DNSSEC. People don’t want to sign their own domains with DNSSEC until people are validating signatures,' says Jason Livingood, Executive Director of Internet Systems Engineering at Comcast. 'We want to explain how we as an ISP have a roadmap for validating signatures with DNSSEC.'"
Err, but .COM is not valid for a while (Score:1, Interesting)
That's great, but VERISIGN will not setup DNSSEC for .COM for some time.
http://www.root-dnssec.org/
It's great that ISPs enable DNSSEC in their DNS servers, but until .COM and the like are not signed, the point is a little moot?
Re:Err, but .COM is not valid for a while (Score:3, Interesting)
It's still great to see the providers bootstrapping DNSSEC. We need more of them onboard before you see widespread adoption.
I have a feeling you're going to see DNSSEC explode in a big way soon .... Comcast isn't the only ISP implementing it.
Re:The sticking point... (Score:4, Interesting)
Say what you want about Comcast's customer policies, it's clear that they're almost as foresighted as Google when it comes to deploying next generation networking technologies, not only deploying DNSSEC, but also beginning an opt-in IPv6 transition project.
In short: Credit where credit is due. At least *someone* is looking to the future and working toward it.
Re:umm. (Score:5, Interesting)
Probably because they aren't rebranding their corporate entity.
Also, if you think this is the first cool thing Comcast has done in support of the internet, you're dead wrong. They have some very talented and involved engineers working hard on IPv6 [comcast6.net], publishing IETF drafts on IPv6 transition strategies [ietf.org], making nice after their BitTorrent escapades [ietf.org], etc.
Say what you will about their business practices, customer service, reliability, whatever... But when it comes to IPv6 and being involved in the technical community, they're kicking ass and taking names.
Re:Err, but .COM is not valid for a while (Score:4, Interesting)
The point is testing this on smaller TLD. We have been working with .ORG and other TLDs to test DNSSEC for a while now. When the time comes for a signed root and .COM and .NET signed, we will be ready.
Thanks
Chris Griffiths
Comcast