[148300] in North American Network Operators' Group
Re: Comcast DNSSEC
daemon@ATHENA.MIT.EDU (Scott Schmit)
Wed Jan 11 00:59:30 2012
Date: Wed, 11 Jan 2012 00:58:31 -0500
From: Scott Schmit <i.grok@comcast.net>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <4F0CC8BF.1080009@brezworks.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, Jan 10, 2012 at 05:24:47PM -0600, Jeremy Bresley wrote:
> Hadn't seen this mentioned yet.
>
> http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html
>
> Comcast has signed all their managed domains, as well as deployed
> DNSSEC resolvers for their customers. And they're encouraging
> others to make the jump to DNSSEC now as well, especially
> e-comm/banking sites.
Very cool, but they haven't signed *all* of them. comcast.net still
isn't signed, nor are any of the reverse zones, nor is comcastonline.com
(in Comcast's SOAs).
You can probably quibble about whether the reverse zones are important,
but comcast.net is quite a significant miss. (Email, DNS, their "more
information links", etc.)
Still, I'm glad they're doing it, and hopefully reality will catch up
with their announcement soon. :-)
--
Scott Schmit
