Comcast announced today that it has finished the rollout of Domain Name System Security Extensions (DNSSEC) across its network. While patting itself on the back, Comcast’s blog post went on to essentially admit that a major element of the enforcement plan in SOPA and PIPA is incompatible with DNSSEC. Comcast is the owner of NBC-Universal, and a vocal supporter of SOPA.
The way Comcast outed itself is a little roundabout. The nation’s biggest ISP feels confident enough in DNSSEC that it shut down its internal domain Domain Helper redirect service. Domain Helper would try to redirect users that typed in commonly misspelled addresses to the right website. The important thing here is that Comcast ended support for Domain helper because it says DNS redirects are not supported by DNSSEC. SOPA and PIPA would use DNS redirects to block offending websites. Oops.
According to Comcast itself, DNS redirects are indistinguishable from malicious attacks like DNS poisoning. SOPA supporters have been brushing off claims that SOPA-mandated DNS redirects would mean a less secure Internet, but it appears that when not on Capitol Hill, Comcast believes quite the opposite to be true.