Deploy360 26 November 2012

Slides – Comcast's Lessons Learned In Implementing DNSSEC

By Dan YorkDirector, Internet Technology

What lessons did Comcast learn in rolling out DNSSEC validation to their 18 million subscribers in the US?  Did they have to make any changes to their network?  What happened as they scaled up their deployment?

These were some of the many questions addressed by Comcast’s Chris Griffiths at the ICANN 45 DNSSEC Deployment Workshop on October 17, 2012, in his presentation titled, “DNSSEC Activities in North America: Comcast“.

Chris outlined how Comcast began working with DNSSEC and where it is today, but more importantly he highlighted questions that network operators need to be thinking about and discussed some of the issues they have seen.  He also mentioned Comcast’s site at where they are now listing sites that are experiencing DNSSEC problems.

Comcast DNSSEC presentation

At the end, Chris highlighted some of the challenges they still see, such as dealing effectively with load balancers and content distribution networks, as well as solving the upload of DS records to many different registrars.

The slides are well worth reviewing and if you want to hear Chris’ presentation, the audio recording of the entire day is available from ICANN’s website (you’ll just need to jump ahead to Chris’ section).

We definitely appreciate that not only is Comcast deploying DNSSEC, but they are also having people like Chris go out and speak at technical forums about what they have done.  Sure, it’s good publicity for them, but the information that they have learned is immensely valuable to share as a case study, and will only help expand the deployment of DNSSEC.

Now, we just need to see more network operators giving case study presentations like this! 🙂

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...