Comcast is the first large ISP or Internet service provider in North America to implement DNSSEC as part of ongoing efforts to protect our customers with the Constant Guard® service. It provides an enhanced level of Internet security that allows websites and ISPs to validate domain names to ensure they are legitimate and not falsified.
DNS Lock will validate that users on the Xfinity Internet service are using Comcast's approved DNSSEC servers. If an application, such as malware on a user's computer, attempts to change that user's DNS settings, the user will receive an alert and the DNS setting will automatically be changed back to the Comcast DNSSEC servers. If the same user moves from the Xfinity Internet service to another provider, the DNS Lock feature will allow the use of the DNS servers made available by that provider. In order for Comcast to measure the effectiveness of DNS Lock, the program will record the DNS settings of Constant Guard Protection Suite users. Comcast does not collect any personally identifiable information as part of this process.