SleepyEgg

Tuesday, Comcast announced a public trial that any Comcast cable Internet access user can participate in. And a year from now, DNSSEC validation will be rolled out throughout all of Comcast's DNS resolvers. Comcast will also be signing all of the domains it hosts, including comcast.com, comcast.net, and xfinity.com.

The DNSSEC extensions to the DNS protocol make it possible for a validating server or a validating host to determine whether information in the Domain Name System is legitimate or not, the same way that it's possible to determine whether a signed e-mail message did indeed come from the holder of the e-mail address. In the past, it was trivial to inject fake information in DNS servers.