Comcast Migrating Customers To DNSSEC Resolvers

ctg1701 passes along this quote from a Comcast announcement: "Starting today we will begin migrating customers who have opted out of our Domain Helper service over to our production DNSSEC-validating servers. This will happen first in a selected part of our Virginia network, and will later expand to all markets in the following sixty days, at which point all of our customers who have opted out of Domain Helper will be migrated. After this has been completed, we will migrate the rest of our customers, which we anticipate will stretch into the early part of 2011."

Re:This is a GOOD thing

[ctg1701]

I've been using these months while they've been available for testing. The very nature of DNSSEC kills the 404 helper service, and provides an extra level of security. For anyone that wants to use them now without being migrated automatically someday, just use 75.75.75.75 and 75.75.76.76 for the DNS.

Absolutely correct, and hopefully people realize that we want to make your Internet service a better and safer experience.

Re:migrate

[Fallon]

I don't understand all the hate for Comcast, at least here in Colorado Springs. In the past year and a half I've had service with them I've had less than a couple of hours of downtime (at least that was their fault and not me fiddling with my router). Good bandwidth & pings, who could as for more. It really blew me away after spending the past decade on military bases in the middle of nowhere overseas or downrange (1 second+ ping times, 10-30% packet loss, modem class bandwidth).

Re:migrate

[Anonymous Coward]

http://consumerist.com/2010/09/comcast-wont-give-me-tv-service-because-im-a-home-business-customer.html [consumerist.com]

"Comcast won't give me TV service because I'm a home business customer"

Re:migrate

[ZorinLynx]

Location location location.

If you're in an area with a simple or recently updated cable plant, where there's less customers on each node, you will have absolutely excellent performance, like myself.

If you're in an area with 20 year old cable plant that has corroded/loose fittings, bad or marginal amplifiers and other equipment that hasn't received enough love lately, it will be comparable to the sort of Internet access you would receive in hell. Dropped packets, modem resyncing, and so on.

Also, another customer on the same node with bad equipment spewing noise into the upstream channel can also knock you offline. This happens from time to time, resulting in a poor internet connection until the cable company can track down the offending equipment and remove it or disconnect the customer. People stealing cable can also degrade a network, though thankfully with systems going digital and less analog (stealable) service this is less of a problem now.

So basically, it's all up to luck whether cable internet (on any provider) is reliable or not.

Re:migrate

[gad_zuki!]

>You really should be migrating off of Comcast

So the local telco monopoly is somehow better than the local cable monpoly? Err, seriously? I have dozens of AT&T horror stories and only a couple Comcast ones. Just getting AT&T installed anywhere is this Kafkaesque experience of dealing with multiple departments, multiple liars, multiple lazy no shows, etc who when instructed basic things "This is a new condo, thus you'll need to do more than just terminate at the demarc outside" they just pass the work onto other departments who just pass it back while you're taking off work waiting for them to do anything. With Comcast you deal with a much smaller bureaucracy.

I'm not even going to go into how Comcast business services sells me a 40mbps line for $99 and when I call support I get an American who either knows his shit or will connect me to someone who does without protest. Last time I called about the local telco, I got passed around to something like 4 or 5 departments before anyone even knew what a PTR record was. My first call to Comcast about PTR changes? "Sure, I can do that for you."

I'm not sure why there's this default love of the local telco, but its a bunch of shit. In many markets Comcast is the superior product, and by a long shot.

Re:Pitchforks and torches. Nice job, /.

[Wyatt Earp]

The dude from Comcast's rote answer to questions was to post links to Comcast's PR.

As for my company and who I shill for, that's easy. I'm a public sector education and video teleconferencing goblin in the 49th state. And I shill for children with low incidence disabilities who are using technology.

Re:What is this?

[ctg1701]

Stop posting press release posts.

Here is some non-Comcastic information - http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions [wikipedia.org]

Chris what is your non-biased take on Comcast forging TCP reset packets and terrible quality HD?

Actually I have been working in the IETF to help provide better methods for P2P to work on ISP networks after the issues with the TCP reset packets a few years ago. I am sure you can look up some of the RFC items if you search for them.

If you have a problem with your HD quality, I suggest getting someone to come look at that. Given I am an Internet Engineer, I don't work on that side of the business.

Thanks

Chris
Comcast

I used to work for CableVision Chris

[Anonymous Coward]

Actually I am one of the engineers that run the DNS at Comcast, but if you consider me a shill, so be it." - by ctg1701 (311736) on Monday October 18, @06:07PM (#33939512)

Well, at least YOU admitted that you work for COMCAST Chris... HOWEVER:

You also didn't admit what I strongly suspect is true though (myself having worked for CableVision, a like member of your industry in telecommunications)... what is that? Well, ok!

That You are one of your staff, one of a VERY SELECT FEW in fact, who is ALLOWED to speak here on this issue, & others in your firm, specifically lower level techs is my guess, were also STRICTLY WARNED to steer clear of commenting on this publicly online, especially on largely travelled forums like this, or say, DSLReports.com & others like them, or highly trafficked sites like this one is...

Am I right?

Since you're thusfar showing a track-record of 'truth' here at this point?? I trust you will give us a straight answer on this much I just asked above... hopefully!

See, Chris, around here? You have to realize 1 thing: We're pretty aware of "how the show runs" for folks out of any large corporate entity... & that you people can & DO patrol largely travelled sites like this, especially when new news comes out that involves you & yours (COMCAST in this case).

Hell, even "industry notables" who have had enough of that type of crap have sounded-off on it here... & on the very account I am noting (paid trolls/shills etc.- et al) & here is an example thereof:

"It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed." - by Bruce Perens (3872) on Friday July 30, @04:55PM (#33089192) Homepage Journal

http://linux.slashdot.org/comments.pl?sid=1738364&cid=33089192 [slashdot.org]

APK

P.S.=> Still, do I think you're doing this just to "cover comcast's behind"? No, I think you really MEAN what you're saying about COMCAST now going over to DNSSEC (probably a GOOD THING for you folks & your clientele hopefully)... but, my point is that I know PER MY SUBJECT-LINE NO LESS, just as Mr. Perens quoted above knows from his time @ HP, that only SOME FOLKS from large corporates are "allowed to talk" on various issues online publicly, and I have heard that "go down" myself in fact (but, not a paid shill/troll here, ever) - I am still willing to wager that you are 1 of your companies "Chosen Few" that were allowed to speak on this at all, period... am I right Chris? I wager I am... strongly (but, could be wrong, but... well, we'll see)... apk

Re:migrate

[icebike]

You are exactly correct, the two-bill setup is what I have and it works fine.

Business internet, and Residential TV+Phone. Since its a home office setup, I have no paying customers viewing my TV so there is no licensing conflict.

Its actually all on a single drop, split at the demarc before it hits any comcast box.

My static IP allows me to open a couple ports for my clients without comcast security getting all over my case.

Re:migrate

[rwyoder]

If you're stuck with Comcast...

"Stuck with Comcast"??? From my perspective as a network engineer, Comcast is taking the lead in deploying IPv6, and now DNSSec. They are putting the rest of the corporate world to shame on these fronts. (And I am neither an employee, nor a customer of Comcast.)

Re:What is this?

[beadfulthings]

OK, since you've clearly identified yourself, I'm going to write this with as much civility as I can muster. As I've already stated in this discussion, I'm a "home-business" subscriber. Frankly, I've had excellent support and follow-up from non-technical contacts, while technical support has been truly abysmal (while trying to opt-out of "Domain Helper"). Would you point us to either (a) written documentation or (b) phone information that would provide information on how to use the "business gateway" to configure DNS services of our own choosing. You'll note that I have not posted anonymously, which apparently causes me to run the risk of being modded down. You can follow the story of my last two or three months with Comcast by clicking on my username. Thank you.