Comcast Launches First Public US Trial of DNSSEC

cryan7755 and netbuzz both sent along a NetworkWorld story on Comcast's public test deployment of DNSSEC. Here is the company's blog post announcing the trial. "Comcast this morning announced what is believed to be the first public test deployment of DNS Security Extensions. The company says it has deployed DNSSEC throughout its nationwide network and will immediately make validating servers available to customers. In addition, Comcast said it would digitally sign all of its own domain names using DNSSEC by early next year. 'There is often talk about a chicken-and-egg sort of problem with DNSSEC. People don’t want to sign their own domains with DNSSEC until people are validating signatures,' says Jason Livingood, Executive Director of Internet Systems Engineering at Comcast. 'We want to explain how we as an ISP have a roadmap for validating signatures with DNSSEC.'"

Re:Comcast DNS hijacking?

[ctg1701]

You should read our FAQ on the DNSSEC trial, particularly this section:

http://www.dnssec.comcast.net/faq.htm#faq7

What happens to Comcast Domain Helper, which offers DNS redirect services, when you fully implement DNSSEC?
We believe that the web error redirection function of Comcast Domain Helper is technically incompatible with DNSSEC.
Comcast has always known this and plans to turn off such redirection when DNSSEC is fully implemented.
The DNSSEC trial servers we are announcing today do not have Comcast Domain Helper's DNS redirect functionality enabled.
We plan to update our IETF Internet Draft on this subject, available at http://tools.ietf.org/html/draft-livingood-dns-redirect, to reflect this in the coming months.