Re: Comcast DNSSEC

[Robert Bonomi <bonomi () mail r-bonomi com>]

> From nanog-bounces+bonomi=mail.r-bonomi.com () nanog org  Wed Jan 11 00:02:13 2012
> Date: Wed, 11 Jan 2012 00:58:31 -0500
> From: Scott Schmit <i.grok () comcast net>
> To: nanog () nanog org
> Subject: Re: Comcast DNSSEC
>
> On Tue, Jan 10, 2012 at 05:24:47PM -0600, Jeremy Bresley wrote:
> > Hadn't seen this mentioned yet.
> >
> > http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html
> >
> > Comcast has signed all their managed domains, as well as deployed
> > DNSSEC resolvers for their customers.  And they're encouraging
> > others to make the jump to DNSSEC now as well, especially
> > e-comm/banking sites.
>
> Very cool, but they haven't signed *all* of them. comcast.net still
> isn't signed, nor are any of the reverse zones, nor is comcastonline.com
> (in Comcast's SOAs).
>
> You can probably quibble about whether the reverse zones are important,
> but comcast.net is quite a significant miss. (Email, DNS, their "more
> information links", etc.)
>
> Still, I'm glad they're doing it, and hopefully reality will catch up
> with their announcement soon. :-)
>
> -- 
> Scott Schmit