Encrypted DNS: An Update on Comcast’s Plans
The Domain Name System (DNS) translates the names you type in your browser address bar into the network address of a website. New DNS protocols now enable encryption of these DNS lookups between a user’s device and its DNS resolver in order to help protect end user privacy and security. These new DNS encryption protocols are called “DNS over HTTPS” (DoH) and “DNS over TLS” (DoT).
We began public beta testing of each protocol in October 2019 and are now planning to begin production network deployment in Q2 2020.
We think that DoH and DoT will be most successful if all organizations running DNS resolvers globally work together to encrypt – in a similar way to how many websites upgraded to support TLS encryption in recent years. To this end, we and other organizations are working together on testing and deploying encrypted DNS through the Encrypted DNS Deployment Initiative (EDDI), the Internet Engineering Task Force (IETF), and other industry organizations around the world. This collaboration also helps to ensure that users’ security and parental control functions that depend on DNS are not disrupted in the upgrade to encryption whenever possible.
As we have worked on deployment testing, it has been great to see cooperative technical engagement among browser providers, ISPs, DNS operators and others. This effort across many organizations has accelerated the production readiness of these new protocols.
But ensuring security through the successful implementation of DNS encryption is only part of the equation – pro-privacy policies and products are also very important. Comcast recently updated our key Internet privacy commitments and policy and clarified the facts about user privacy with our Internet service. We also recently created a new Xfinity Privacy Center for customers to manage their preferences and learn about our policy in detail. And in January, we announced that we are now including our advanced cybersecurity protection service to 18 million xFi customers that lease an xFi gateway at no extra charge.
We look forward to production deployment of encrypted DNS in 2020 and will provide additional updates as we make further progress!