[148301] in North American Network Operators' Group
Re: Comcast DNSSEC
daemon@ATHENA.MIT.EDU (Robert Bonomi)
Wed Jan 11 02:03:28 2012
Date: Wed, 11 Jan 2012 01:05:26 -0600 (CST)
From: Robert Bonomi <bonomi@mail.r-bonomi.com>
To: nanog@nanog.org
In-Reply-To: <20120111055831.GA2427@odin.ulthar.us>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> From nanog-bounces+bonomi=mail.r-bonomi.com@nanog.org Wed Jan 11 00:02:13 2012
> Date: Wed, 11 Jan 2012 00:58:31 -0500
> From: Scott Schmit <i.grok@comcast.net>
> To: nanog@nanog.org
> Subject: Re: Comcast DNSSEC
>
> On Tue, Jan 10, 2012 at 05:24:47PM -0600, Jeremy Bresley wrote:
> > Hadn't seen this mentioned yet.
> >
> > http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html
> >
> > Comcast has signed all their managed domains, as well as deployed
> > DNSSEC resolvers for their customers. And they're encouraging
> > others to make the jump to DNSSEC now as well, especially
> > e-comm/banking sites.
>
> Very cool, but they haven't signed *all* of them. comcast.net still
> isn't signed, nor are any of the reverse zones, nor is comcastonline.com
> (in Comcast's SOAs).
>
> You can probably quibble about whether the reverse zones are important,
> but comcast.net is quite a significant miss. (Email, DNS, their "more
> information links", etc.)
>
> Still, I'm glad they're doing it, and hopefully reality will catch up
> with their announcement soon. :-)
>
> --
> Scott Schmit
>
