RSS Alerts

Share

More services

Related Links

Related Stories

  • DNSSEC encrypted domain technology gets welcome boost
    Things appear to be moving ahead for DNSSEC, the encrypted domain technology designed to protect the domain name system from spoofing and other hacks. Nominum, which supplies DNS systems, announced new capabilities in its products designed to eliminate barriers to DNSSEC deployment.
  • Migration to IPv6 still slow reports EURid
    Despite widespread reports that IPv4 numbers are running out – and with parts of Asia expected to run out completely later this year – EURid, the eu top level domain registrar, is reporting that the take-up of IPv6 numbers, and the understanding of the security needed, is still relatively low.
  • Google and Neustar propose security fix for DNS geolocation technology
    Google and DNS provider Neustar have jointly proposed an extension to the DNS protocol that would fix many of its security problems.
  • EURid adds easy-signing DNSSEC technology to web site registration
    EURid, the .eu top level domain registry, has taken the wraps off a new service for internet registrars that simplifies the signing and managing of .eu domain names enabled for the Domain Name System Security Extensions (DNSSEC) enhanced hosting facility.
  • Organizations not equipped to prevent DDoS attacks, DNS failures
    Many organizations are not equipped to prevent and respond to web infrastructure failures caused by distributed denial of service (DDoS) attacks and Domain Name System (DNS) failures, according to research commissioned by VeriSign.

Top 5 Stories

News

Comcast will transition to DNSSEC

25 February 2010

Following an 18-month testing period, giant US ISP Comcast has announced plans to transition to the DNSSEC secure DNS standard by the end of next year.

"We plan to implement DNSSEC for the websites we manage, such as comcast.com, comcast.net and xfinity.com, by the first quarter of 2011, if not sooner. By the end of 2011, we plan to implement DNSSEC validation for all of our customers," Comcast said in a statement. "You won’t need to make any changes to start using DNSSEC; it will happen automatically if you are currently using our DNS."

DNSSEC is instrumental in stopping attackers from carrying out most of the well-known attacks on domain name system servers, including DNS cache poisoning. It works by digitally signing DNS responses, so that DNS servers know they're receiving responses from authorised sources.

Comcast has provided DNS server IP addresses for those customers who are interested in participating in trials before 2011. Changing primary and secondary DNS addresses to 75.75.75.75 and 75.75.76.76 will automatically switch them to the service. IPv6 addresses will be added soon, Comcast added.

The DNSSEC implementation will break Comcast's existing web error redirection system, called Comcast Domain Helper. It will be turning off the service when DNSSEC is fully implemented, it said.

Comcast originally began its DNSSEC trial in October 2008, following a decision by the .gov top level domain to implement the service. It originally provided a publicly available DNSSEC resolver for testing purposes.

This article is featured in:
Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012