We're pleased to announce that beginning today we will start the process of migrating customers to DNS servers that use Domain Name System Security Extensions (DNSSEC), as part of an evolving suite of security protections that are part of Comcast Constant Guardâ„¢. Best of all, customers will not need to take any action and should not notice any changes to their service, though behind-the-scenes that service will be more secure. As the first major Internet Service Provider (ISP) to do so in the United States, our customers are among the first to be getting these new security capabilities, which is part of our continuing push for a more secure Internet experience for both our customers as well as the global Internet.
With DNSSEC, a web site name such as www.comcast.net can be cryptographically signed in the Domain Name System by the domain name owner. Then, when a customer tries to connect to that website, the Comcast DNS server checks that domain name, and verifies that signature to ensure that it is valid and has not been tampered with by hackers or other criminals. A customer will only be connected if this security verification has been passed, which occurs so quickly our customers won't even notice that it's being done.
The first step of our rollout, which starts today, involves migrating customers that have opted out of our Domain Helper service over to our production DNSSEC-validating servers. This will happen initially in a selected part of our Virginia network, and will later expand to all markets in the following sixty days, at which point all of our customers who have opted out of Domain Helper will have been migrated. After this has been completed, we will migrate the rest of our customers, which we anticipate will stretch into the early part of 2011.
For more information, you may also want to check out this brief introductory video about DNSSEC, our DNSSEC Information Center, as well as our Constant Guard page.