[Add] [FYI] How Comcast Handles DNS Information

"Livingood, Jason" <Jason_Livingood@comcast.com> Tue, 28 May 2019 15:40 UTC

From: "Livingood, Jason" <Jason_Livingood@comcast.com>
To: "add@ietf.org" <add@ietf.org>
Date: Tue, 28 May 2019 15:40:15 +0000
Message-ID: <A2BBC5A9-27F1-4882-8D39-2BAF28B29D5E@cable.comcast.com>
References: <87D8BAF1-9EF5-4DF4-9F67-571201F8D906@cable.comcast.com>
In-Reply-To: <87D8BAF1-9EF5-4DF4-9F67-571201F8D906@cable.comcast.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/LSB8fMubf8_krrOcWBgcI1W1O7Q>
Subject: [Add] [FYI] How Comcast Handles DNS Information
List-Id: Applications Doing DNS <add.ietf.org>

Since there’s some ADD list discussion of resolver policies – FYI on below.

From: Jason Livingood <Jason_Livingood@cable.comcast.com>
Date: Wednesday, May 22, 2019 at 10:08 AM
To: DoH WG <doh@ietf.org>
Subject: [FYI] How Comcast Handles DNS Information

At the recent DoH meeting at IETF-104, and also in the side meeting that Stéphane organized, there was much discussion about how a primary motivation for centralized DoH was ISP DNS practices: specifically, NXDOMAIN redirection and DNS data collection and privacy.

I thought I’d take a moment here to confirm Comcast’s position on these issues. First, we don’t do NXDOMAIN redirection (see https://corporate.comcast.com/comcast-voices/comcast-domain-helper-shuts-down).  Second, our longstanding policy regarding customer DNS queries is simple: we do not track customers’ DNS data, sell it, or use it for advertising or marketing.  And even though Comcast processes more than 550 billion recursive DNS queries per day, it is our standard policy to delete all DNS queries from our systems’ logs every 24 hours, unless we need to research and resolve specific security or network performance issues.

We take DNS security very seriously and we were the first large ISP in the United States to fully implement DNSSEC validation (see https://corporate.comcast.com/comcast-voices/comcast-completes-dnssec-deployment). Whether it is DNSSEC or our early implementation of IPv6, we’re always interested in deploying valuable new standards and, just as many other ISPs are now doing, we continue to study how and when to deploy DoH and DoT in a manner that will minimize consumer disruptions while ensuring continued consumer privacy & security.

Regards,
Jason Livingood
Vice President – Technology Policy & Standards
Comcast