RSS Alerts

Related Links

Related Stories

  • DNSSEC encrypted domain technology gets welcome boost
    Things appear to be moving ahead for DNSSEC, the encrypted domain technology designed to protect the domain name system from spoofing and other hacks. Nominum, which supplies DNS systems, announced new capabilities in its products designed to eliminate barriers to DNSSEC deployment.
  • Google and Neustar propose security fix for DNS geolocation technology
    Google and DNS provider Neustar have jointly proposed an extension to the DNS protocol that would fix many of its security problems.
  • Internet security takes a leap forward
    Internet security took a giant leap forward on Wednesday with the global roll-out of technology aimed at making the public network safer for all users without affecting performance.
  • Root zone switches to DNSSEC
    The last of the internet's 13 root servers has been switched to a secure version off the Domain Name System (DNS). This means that the entire root zone for the internet is now operating using DNSSEC.
  • Google launches DNS service
    Google is hoping to beef up the web's security by providing its own domain name service (DNS). The search engine giant is asking companies to point their computers at its own DNS servers to get extra protection from DNS attacks, and to speed up their browsing.

News

Comcast will transition to DNSSEC

25 February 2010

Following an 18-month testing period, giant US ISP Comcast has announced plans to transition to the DNSSEC secure DNS standard by the end of next year.

"We plan to implement DNSSEC for the websites we manage, such as comcast.com, comcast.net and xfinity.com, by the first quarter of 2011, if not sooner. By the end of 2011, we plan to implement DNSSEC validation for all of our customers," Comcast said in a statement. "You won’t need to make any changes to start using DNSSEC; it will happen automatically if you are currently using our DNS."

DNSSEC is instrumental in stopping attackers from carrying out most of the well-known attacks on domain name system servers, including DNS cache poisoning. It works by digitally signing DNS responses, so that DNS servers know they're receiving responses from authorised sources.

Comcast has provided DNS server IP addresses for those customers who are interested in participating in trials before 2011. Changing primary and secondary DNS addresses to 75.75.75.75 and 75.75.76.76 will automatically switch them to the service. IPv6 addresses will be added soon, Comcast added.

The DNSSEC implementation will break Comcast's existing web error redirection system, called Comcast Domain Helper. It will be turning off the service when DNSSEC is fully implemented, it said.

Comcast originally began its DNSSEC trial in October 2008, following a decision by the .gov top level domain to implement the service. It originally provided a publicly available DNSSEC resolver for testing purposes.

 

This article is featured in:
Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water