Skip to main content

    Comcast kills DNS rerouting to protect DNSSEC, while it continues to push for SOPA's DNS blocking

    Comcast kills DNS rerouting to protect DNSSEC, while it continues to push for SOPA's DNS blocking

    Share this story

    handshakes
    handshakes

    While Comcast's lawyers and lobbyists work on pushing the DNS-blocking Stop Online Piracy Act through Congress, the company's technical experts say that DNS rerouting (blocking) is now incompatible with its secure DNS system. In separate blog posts today, Comcast announced that it has fully implemented Domain Name System Security Extensions (DNSSEC), and that it will be killing its own DNS rerouting service because it is incompatible with DNSSEC — Chris Griffiths, Comcast DNS Engineering Manager, says that "DNS redirect services... are technically incompatible with DNSSEC and / or create conditions that can be indistinguishable from malicious modifications of DNS traffic." In other words, Comcast has just made itself unable to comply with key provisions of the very law it is actively championing.

    It's a very peculiar twist in the SOPA story so far: it's clear now that even the most ardent supporters of SOPA don't have a consistent message on the bill's most controversial elements. We'll have to wait and see whether Comcast's legal or technical team wins out, but the argument for DNS-blocking just got a little murkier.