While Comcast's lawyers and lobbyists work on pushing the DNS-blocking Stop Online Piracy Act through Congress, the company's technical experts say that DNS rerouting (blocking) is now incompatible with its secure DNS system. In separate blog posts today, Comcast announced that it has fully implemented Domain Name System Security Extensions (DNSSEC), and that it will be killing its own DNS rerouting service because it is incompatible with DNSSEC — Chris Griffiths, Comcast DNS Engineering Manager, says that "DNS redirect services... are technically incompatible with DNSSEC and / or create conditions that can be indistinguishable from malicious modifications of DNS traffic." In other words, Comcast has just made itself unable to comply with key provisions of the very law it is actively championing.
It's a very peculiar twist in the SOPA story so far: it's clear now that even the most ardent supporters of SOPA don't have a consistent message on the bill's most controversial elements. We'll have to wait and see whether Comcast's legal or technical team wins out, but the argument for DNS-blocking just got a little murkier.
There are 32 Comments. Add yours.
I guess I’m dumb but I have no idea what this article means in layman’s terms.
Posted on Jan 11, 2012 | 5:16 PM EST reply Recommend (5) Flag actions
1. Comcast is a major proponent of SOPA (a proposed bill before congress).
2. Comcast just changed their technology which makes it impossible to enforce SOPA.
It’s like making breaking and entering illegal, then outlawing locks.
(yes I’m aware breaking and entering is already illegal)
Posted on Jan 11, 2012 | 5:34 PM EST reply Recommend (10) Flag actions
Actually it’s even better than that.
Not are they not able to enforce SOPA, but the technology they are implementing is actually in contravention of the act as it stands. To all intents and purposes SOPA will outlaw DNSSEC.
A brief explanation:
DNSSEC is a means of preventing hacked or rogue DNS servers (the machines that turn domain names like theverge.com into IP addresses) from serving up faked results, so someone can’t hack a server and pretend to be Google.com, or theverge.com or your bank.
SOPA will require ISPs to block DNS results for blocked sites. DNSSEC, when fully implemented, will do an end run around this restriction due to the way it works. It will automatically circumvent the SOPA blocks.
SOPA makes it illegal to supply, provide or develop technology, tools or services for the purposes of circumvented SOPA blocks.
So, having implemented DNSSEC, Comcast are providing a service that would be illegal under SOPA.
Even more ironic is that some of the biggest supporters of DNSSEC are the DoD, NSA and various other branches of government whose job it is to help secure the USA’s infrastructure. The same goes for Tor, which is used to get around China’s great firewall, and which is supported by the US government.
SOPA is an absolute clusterfsck, and demonstrates the utter hipocracy of the US political system.
Posted on Jan 11, 2012 | 5:54 PM EST reply Recommend (21) Flag actions
Thank you sir!
Posted on Jan 11, 2012 | 5:56 PM EST reply Recommend Flag actions
Does SOPA actually specify what they mean by ‘block DNS’? ie. does it explicitly state a requirement for rerouting? Because otherwise one could argue that simply by blocking DNS requests at the default DNS server the ISPs had complied with the letter of the act.
Posted on Jan 11, 2012 | 6:22 PM EST reply Recommend (1) Flag actions
The problem for comcast is that SOPA makes methods of circumvention illegal, which includes things like Tor and DNSSEC.
Posted on Jan 12, 2012 | 6:59 AM EST reply Recommend Flag actions
“SOPA is an absolute clusterfsck, and demonstrates the utter hipocracy of the US political system.”
Take this sentence, drop the SOPA, enter in U.S. Tax System and the statement is true to every word. Yes?
Posted on Jan 11, 2012 | 10:07 PM EST reply Recommend Flag actions
SOPA is the most horrifically written piece of legislature. It is the end result of what happens when people with NO IDEA of technology write laws to control it.
Posted on Jan 13, 2012 | 4:04 PM EST reply Recommend Flag actions
Have your even read the full text of the SOPA bill. DNSSEC is a way to confirm that DNS is valid. This would not stop the registar from removing the DNS zone from the root servers. This is what they mean by blocking DNS.
Posted on Jan 13, 2012 | 5:30 PM EST reply Recommend Flag actions
Boo…
Posted on Jan 11, 2012 | 5:16 PM EST reply Recommend Flag actions
Comcast I meant…
Posted on Jan 11, 2012 | 5:16 PM EST reply Recommend Flag actions
Die Comcast. You are the worst internet provider I have ever had, sucks you are the only provider in a lot of areas. Not to mention that your DNS makes your internet really slow, always at the bottom of the list when I run Namebench.
Posted on Jan 11, 2012 | 5:19 PM EST reply Recommend (2) Flag actions
Comcast is way better than the other options, I get the speend I bought +/- 2mb/s. I don’t know what makes you think they are awful.
Posted on Jan 11, 2012 | 5:48 PM EST reply Recommend Flag actions
Not where I live. Uverse in my area is much better. Speeds were always only a few Mbps from advertised and I didn’t have the crazy, unexplained downtown or slowdowns that Comcast has. For a few days I was getting 300+ ms ping times. Wth?
But YMMV!
Caveat though: Uverse TV with internet (not just internet) totally fubar’ed my ability to play Metal Gear Online. I had to set the TV receiver as the DMZ in order to play PS3 online.
If you buy Uverse, they won’t let you buy internet alone. You have to get a TV/internet package and then just cancel the TV the next day.
Posted on Jan 11, 2012 | 6:13 PM EST reply Recommend Flag actions
Use Google’s DNS. I do and it is much faster. it is located at 8.8.8.8 and 8.8.4.4
Posted on Jan 11, 2012 | 6:22 PM EST reply Recommend Flag actions
Wait, Comcast has a DNS infrastructure? I couldn’t tell due to how slow my network access was until I switched to OpenDNS and Google DNS.
Posted on Jan 11, 2012 | 5:26 PM EST reply Recommend Flag actions
All this is is further proof that the people pushing SOPA forward don’t understand the problem or how to solve it.
Posted on Jan 11, 2012 | 5:27 PM EST reply Recommend (6) Flag actions
How could they? They’re all grandpa’s that don’t understand the technicalities behind how the “interwebs” work.
Posted on Jan 11, 2012 | 10:09 PM EST reply Recommend Flag actions
What would be the best American internet/cable provider. Everyone says it sucks but it’s the only good provider in my area. I get around 10mb/s and that’s faster than all my friends. It makes me surprised when i see people getting 30-40 mb/s.
Posted on Jan 11, 2012 | 5:34 PM EST reply Recommend Flag actions
Roadrunner/Time Warner Cable I think has a 50mb/s plan.
Posted on Jan 11, 2012 | 5:37 PM EST reply Recommend Flag actions
If you mean their “wide band”
It’s 35 down 5 up, I normally get 30-35 down and 3 up. No fios where I live
Posted on Jan 11, 2012 | 6:20 PM EST via mobile reply Recommend Flag actions
Oh… well… some areas have fios. =/
Thus answering thetony’s question as to how some people get such high speeds.
Posted on Jan 11, 2012 | 6:45 PM EST reply Recommend Flag actions
Not every provider is available in every area, let alone all the services of any given provider. So… you’ll have to be more specific. But that’s for the forums.
Eastern Iowa, paying $75/mo for 20 down/ 1up Mediacom cable internet only and usually getting that.
Posted on Jan 11, 2012 | 5:57 PM EST reply Recommend Flag actions
Usually the ones that aren’t too big to be evil but not too small that they don’t have much infrastructure. Back home I have Midcontinent and for $45 you can get 30Mb/s down and 5 up, without bundling anything. I’d say they are pretty good.
Posted on Jan 11, 2012 | 6:46 PM EST reply Recommend Flag actions
I get 30mb down/6up almost consistently Comcast and a 15ms ping they offer a 50mb plan in my area but I haven’t considered upgrading especially after visiting family over the holiday using AT&T dsl of about 2mb down and 500KB down during peek usage
Check out broadband.gov and their future plans one being
Posted on Jan 11, 2012 | 11:04 PM EST reply Recommend Flag actions
Verizon FiOS if it’s available. I pay for the 35/35 service and at times I get above that speed.. Costs me the same that Cablevision’s 15/5 service cost me before except I never got the advertised speeds for Cablevision.
Posted on Jan 12, 2012 | 2:25 PM EST reply Recommend Flag actions
So the people that understand how the internet works (their engineers) just blocked the people that don’t understand how it works, but make the big bucks (their lobbyists/lawyers). People of the internet FTW.
Posted on Jan 11, 2012 | 5:35 PM EST reply Recommend (3) Flag actions
All I can think is, “DILLON!”
http://www.youtube.com/watch?v=GU_7uq51eZU
Posted on Jan 11, 2012 | 5:37 PM EST reply Recommend (3) Flag actions
Does Comcast think it can have its cake and eat it to?
Can Comcast’s lawyers and lobbyists PLEASE talk to Comcast’s network engineers?
Posted on Jan 11, 2012 | 5:38 PM EST reply Recommend (2) Flag actions
Comcast shouldn’t be talking about DNS. Their crappy DNS servers have had nationwide outages on more than a couple occasions.
Posted on Jan 11, 2012 | 5:40 PM EST reply Recommend Flag actions
So the question is.. Is this the opening Google as been waiting for. I just canceled all my Comcast cable TV service in hopes of just consuming all my media online through torrents and streaming. Honestly, most of my torrents are TV shows from Britain that I can’t get through C0mcast anyways, and the only broadcast TV I cared about was MSNBC and other cable news networks. Which I can stream online.
So question still stands. If Comcast isn’t going change, then I have to.. and so who is the next viable partner for broadband that we can subscribe with? Is there any competition to Comcast? Or has that all but disappeared since Comcast bought started buying the world up.
Is this the chance Google has been waiting for? A time when a company could very will take a large chunk of the business in one fair swoop after SOPA is passed. Which it will because why would our government do anything right? Its not like they are going to suddenly start listening to us.
I think this is a huge business opportunity for any company willing to keep the net.. THE NET!
Posted on Jan 11, 2012 | 5:41 PM EST reply Recommend Flag actions
BEST. PICTURE. EVER.
Posted on Jan 11, 2012 | 5:51 PM EST reply Recommend (1) Flag actions
Something to say? Choose one of these options to log in.