[Doh] [FYI] How Comcast Handles DNS Information

"Livingood, Jason" <Jason_Livingood@comcast.com> Wed, 22 May 2019 14:09 UTC

From: "Livingood, Jason" <Jason_Livingood@comcast.com>
To: DoH WG <doh@ietf.org>
Date: Wed, 22 May 2019 14:08:53 +0000
Message-ID: <87D8BAF1-9EF5-4DF4-9F67-571201F8D906@cable.comcast.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/wulCGoLcriQBnybFOo2ub6RBP_w>
List-Id: DNS Over HTTPS <doh.ietf.org>

At the recent DoH meeting at IETF-104, and also in the side meeting that Stéphane organized, there was much discussion about how a primary motivation for centralized DoH was ISP DNS practices: specifically, NXDOMAIN redirection and DNS data collection and privacy.

I thought I’d take a moment here to confirm Comcast’s position on these issues. First, we don’t do NXDOMAIN redirection (see https://corporate.comcast.com/comcast-voices/comcast-domain-helper-shuts-down).  Second, our longstanding policy regarding customer DNS queries is simple: we do not track customers’ DNS data, sell it, or use it for advertising or marketing.  And even though Comcast processes more than 550 billion recursive DNS queries per day, it is our standard policy to delete all DNS queries from our systems’ logs every 24 hours, unless we need to research and resolve specific security or network performance issues.

We take DNS security very seriously and we were the first large ISP in the United States to fully implement DNSSEC validation (see https://corporate.comcast.com/comcast-voices/comcast-completes-dnssec-deployment). Whether it is DNSSEC or our early implementation of IPv6, we’re always interested in deploying valuable new standards and, just as many other ISPs are now doing, we continue to study how and when to deploy DoH and DoT in a manner that will minimize consumer disruptions while ensuring continued consumer privacy & security.

Regards,
Jason Livingood
Vice President – Technology Policy & Standards
Comcast