Not only is Comcast taking the lead on IPv6 deployment, as we've noted in the past they're also taking the lead on DNSSEC upgrades. The security improvements allow both sites and providers to validate domain names to make sure they're correct and not tampered with, in turn helping to combat things like DNS cache "poisoning" and phishing scams. According to a new blog post by Comcast the company says they're the first large ISP to have completed DNSSEC deployment. Comcast's Jason Livingood, a Broadband Reports forum regular, has this to say about the accomplishment:
As of today, over 17.8M residential customers of our Xfinity Internet service are using DNSSEC-validating DNS servers. In addition, all of the domain names owned by Comcast, numbering over 5,000, have been cryptographically signed. All of our servers, both the ones that customers use and the ones authoritative for our domain names, also fully support IPv6.
One change (which will be considered a positive if these services annoy you) is that Comcast has had to shut off DNS redirection ads because they don't play nice with the DNSSEC upgrades. DNS redirection, adopted now by most ISPs, offer users ad-laden search portals should they mistype or enter an nonexistent domain. It's a way for a carrier to make additional revenue, but it sometimes came at the expense of breaking certain network diagnostic tools.read comment(s)