Hadn't seen this mentioned yet. http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html Comcast has signed all their managed domains, as well as deployed DNSSEC resolvers for their customers. And they're encouraging others to make the jump to DNSSEC now as well, especially e-comm/banking sites. Nice work guys, any of the Comcast guys on the list want to give us an idea how much work is involved in this from a large-scale service provider perspective to do it? Any big caveats you encountered that people should watch out for? Jeremy "TheBrez" Bresley brez@brezworks.com
Wow! Congrats to the Comcast crew, that's absolutely awesome! Definitely interested in hearing any "lessons learned" that you can share from the exercise. - Pete On 1/10/2012 6:24 PM, Jeremy Bresley wrote:
Hadn't seen this mentioned yet.
http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html
Comcast has signed all their managed domains, as well as deployed DNSSEC resolvers for their customers. And they're encouraging others to make the jump to DNSSEC now as well, especially e-comm/banking sites.
Nice work guys, any of the Comcast guys on the list want to give us an idea how much work is involved in this from a large-scale service provider perspective to do it? Any big caveats you encountered that people should watch out for?
Jeremy "TheBrez" Bresley brez@brezworks.com
On Jan 10, 2012 5:11 PM, "Peter Kristolaitis" <alter3d@alter3d.ca> wrote:
Wow! Congrats to the Comcast crew, that's absolutely awesome!
Definitely interested in hearing any "lessons learned" that you can share from the exercise.
- Pete
On 1/10/2012 6:24 PM, Jeremy Bresley wrote:
Hadn't seen this mentioned yet.
http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html
Comcast has signed all their managed domains, as well as deployed DNSSEC
resolvers for their customers. And they're encouraging others to make the jump to DNSSEC now as well, especially e-comm/banking sites.
Nice work guys, any of the Comcast guys on the list want to give us an
idea how much work is involved in this from a large-scale service provider
+1 Between dnssec and ipv6 Comcast has shown true internet evolution leadership in their *actions*, which really stands out in an industry full of talk. Cb perspective to do it? Any big caveats you encountered that people should watch out for?
Jeremy "TheBrez" Bresley brez@brezworks.com
On Tue, Jan 10, 2012 at 05:24:47PM -0600, Jeremy Bresley wrote:
Hadn't seen this mentioned yet.
http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html
Comcast has signed all their managed domains, as well as deployed DNSSEC resolvers for their customers. And they're encouraging others to make the jump to DNSSEC now as well, especially e-comm/banking sites.
Very cool, but they haven't signed *all* of them. comcast.net still isn't signed, nor are any of the reverse zones, nor is comcastonline.com (in Comcast's SOAs). You can probably quibble about whether the reverse zones are important, but comcast.net is quite a significant miss. (Email, DNS, their "more information links", etc.) Still, I'm glad they're doing it, and hopefully reality will catch up with their announcement soon. :-) -- Scott Schmit
From nanog-bounces+bonomi=mail.r-bonomi.com@nanog.org Wed Jan 11 00:02:13 2012 Date: Wed, 11 Jan 2012 00:58:31 -0500 From: Scott Schmit <i.grok@comcast.net> To: nanog@nanog.org Subject: Re: Comcast DNSSEC
On Tue, Jan 10, 2012 at 05:24:47PM -0600, Jeremy Bresley wrote:
Hadn't seen this mentioned yet.
http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html
Comcast has signed all their managed domains, as well as deployed DNSSEC resolvers for their customers. And they're encouraging others to make the jump to DNSSEC now as well, especially e-comm/banking sites.
Very cool, but they haven't signed *all* of them. comcast.net still isn't signed, nor are any of the reverse zones, nor is comcastonline.com (in Comcast's SOAs).
You can probably quibble about whether the reverse zones are important, but comcast.net is quite a significant miss. (Email, DNS, their "more information links", etc.)
Still, I'm glad they're doing it, and hopefully reality will catch up with their announcement soon. :-)
-- Scott Schmit
Very cool, but they haven't signed *all* of them. comcast.net still isn't signed, nor are any of the reverse zones, nor is comcastonline.com (in Comcast's SOAs).
We'll be there very soon. Sometimes unplanned work in other areas pulls resources temporarily, conspiring against the best plans. ;-) - JL
Still, I'm glad they're doing it, and hopefully reality will catch up with their announcement soon. :-)
-- Scott Schmit
participants (6)
-
Cameron Byrne -
Jeremy Bresley -
Livingood, Jason -
Peter Kristolaitis -
Robert Bonomi -
Scott Schmit