Donate
‹ Back
Domain Name System Security Extensions (DNSSEC) 12 June 2014

Case Study: Comcast’s DNSSEC Implementation

comcast_logo_200

Comcast, one of the largest Internet Service Providers (ISPs) in North America, started their Domain Name System Security Extensions(DNSSEC) deployment in 2008 and completed it in January of 2012. All of Comcast’s 18 million residential customers now use DNSSEC-validating DNS servers by default.  Additionally Comcast signed all of their own 6,000 domain names with DNSSEC.

The greatest challenge Comcast faced with their DNSSEC rollout was regarding customer education. Customers want to reach web sites – they don’t care if a site is unreachable because it failed validation procedures, regardless of whether the cause is due to error or malicious behavior. To help improve customer communication, Comcast used their DNS information site to communicate current DNSSEC issues to its customers. They also employed “Negative Trust Anchors” to temporarily skip sites with broken DNSSEC configurations.

To learn more about how Comcast deployed DNSSEC, including the issues they faced and their solutions, check out the presentation / case study from Chris Griffiths of Comcast at ICANN 45’s DNSSEC workshop.

When you’re finished check out some of our other DNSSEC resources or visit our “Start Here” pages to find DNSSEC-related information focused on your type of organization.

‹ Back

Related articles

State of DNSSEC Deployment 2016
State of DNSSEC Deployment 2016
Domain Name System (DNS)31 December 2016

State of DNSSEC Deployment 2016

This report provides a snapshot of the state of deployment of DNSSEC as of the end of 2016. Please download the...

The Two Sides of DNSSEC – Signing and Validation
Domain Name System Security Extensions (DNSSEC)5 August 2014

The Two Sides of DNSSEC – Signing and Validation

There are two sides of DNSSEC, Signing and Validation, that together provide the increased level of security offered by DNSSEC...

DNSSEC
Building Trust1 October 2017

DNSSEC

The Domain Name System (DNS), the Internet’s addressing system, is the most critical component of the Internet infrastructure. As with...

Join the conversation with Internet Society members around the world