Few ISPs, Companies Deployed DNSSEC Upgrades Comcast Took The Lead, But Few Followed DNSSEC is a flavor of security that allows both sites and providers to validate domain names to make sure they're correct and not tampered with, and is supposed to help combat things like DNS cache "poisoning" and phishing scams. While some ISPs like Comcast have made great efforts to get DNSSEC deployed, most ISPs and companies are lagging far behind. Nearly five years after the "Kaminsky Bug" vulnerability in DNS was discovered, very few companies have deployed DNSSEC. Why? Akamai's chief security officer Andy Ellis explains to Network World: Ellis says U.S. companies responded to the disclosure of the Kaminsky flaw by patching their DNS software with easy workarounds rather than taking the time to deploy DNSSEC, which is a more complete but also a more complex solution. "I don't think the Kaminsky flaw is that big of an issue right now," Ellis says. "DNSSEC doesn't solve the problems that are very real to [U.S. companies] ... like rolling denial of service attacks and phishing-based fraud. That's where we see a lot more of their time and energy being spent." You do wonder how many companies just didn't bother because they didn't want to pay for it. Comcast is quoted in the piece as saying their deployment of DNSSEC was complicated, but they've seen few issues with the deployment. On the ISP side, some carriers might have been swayed by the fact that installing DNSSEC "breaks" domain redirection ad systems that generate revenue by directing users to an ad-laden ISP-run search portal when they misspell or enter a nonexistent URL.
|
  whfsdudePremium
join:2003-04-05
Washington, DC | Comcast's IPv6 Efforts Almost the exact same can be said for IPv6. | |
|  |  camaro92Question everythingPremium
join:2008-04-05
Westfield, MA | Re: Comcast's IPv6 Efforts Yea have to give them credit where credit is due for both upgrades to there network. | |
| |  LinklistPremium
join:2002-03-03
Longport, NJ
kudos:5
2 edits | said by whfsdude:Almost the exact same can be said for IPv6.
I see IPV6 addresses for various Google web sites; Facebook; Netflix; comcast.net; Bing; Yahoo; etc on my Comcast internet service. But a little disappointing- almost all tech web sites(incl dslreports, cnet, AllThingsD, Apple, Amazon, etc) are still IPV4 only.
--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury. | |
|
| | CGN Is AT&T still planning on doing CGN/large scale NAT for their Uverse customers? Seems like a sweet way to earn some extra money by charging people for a public IP, static or not.
You can't monetize ipv6, of course. | |
| | | Here is the real reason... "I don't think the Kaminsky flaw is that big of an issue right now," Ellis says"
This is is why DNSSEC and IPv6 are not on the front burner. Neither will pose a real problem anytime soon.
--
I do not, have not, and will not work for AT&T/Comcast/Verizon/Charter or similar sized company. | |
| | whfsdudePremium
join:2003-04-05
Washington, DC Reviews:
 ·T-Mobile US
| Re: Here is the real reason... said by battleop:This is is why DNSSEC and IPv6 are not on the front burner. Neither will pose a real problem anytime soon. Define problem. We have been facing the v4 problem for years. These silly home NAT gateways can't pass protocols like SCTP (I like end-user multihoming - eg. roaming between WiFi AP and something else).
Mobile apps just plain suck when it comes to connectivity because an app dev has to assume multiple layers of NAT between user equipment and their servers.
RIPE and APNIC are both exhausted. Consumers in those countries will face higher prices as a market develops for IPv4 addresses. You will end up with lots of users shoved behind CGN which poses a number of problems.
(ARIN will real phase 4 this year - »www.arin.net/resources/request/i···own.html )
The failure of IPv6 hasn't been a lack of problems with IPv4, but a failure to communicate those problems to end-users. | |
| | | Rekrul
join:2007-04-21
Milford, CT Reviews:
 ·AT&T U-Verse
| Re: Here is the real reason... said by whfsdude:Define problem. We have been facing the v4 problem for years. These silly home NAT gateways can't pass protocols like SCTP (I like end-user multihoming - eg. roaming between WiFi AP and something else). said by whfsdude:The failure of IPv6 hasn't been a lack of problems with IPv4, but a failure to communicate those problems to end-users. Companies always wait until an issue starts causing them problems, then they look for the absolute quickest, cheapest work-around that they can find, which will allow them to keep doing things the way they've always done them. It's not until the work-arounds no longer work and the issue is starting to actually cost them money that they try to implement a real fix. This is then fraught with problems, and garners a lot of bad PR and ill will as they use their customers as beta testers. Meanwhile, the companies beg people to have patience because this is an issue that they "haven't had adequate time to prepare for!"
It's the corporate way. | |
|
| |
|
|
