On Tuesday February 26th we will begin the roll out of several security enhancements to our recursive DNS servers. These features will keep both our customers and our systems more secure and limit abuse of our resources. The changes include:
Enabling DNSSEC validation.
Enabling 2 commercial DNS RPZ services.
Closing our DNS servers to off network requests.
These changes will be rolled out to customers served out of Los Angeles first. Provided that we don’t run into any major issues, the remaining systems serving the rest of our customers will be migrated on March 5th.
Due to the potentially controversial nature of using DNS RPZ, a set of alternate servers are available to customers who wish to opt out. For more information please visit the following Forums posting:
https://forums.sonic.net/viewtopic.php?f=5&t=1186
Update 26, February — Stage one is complete, Los Angeles customers are now using the new DNS services.