Enabling DNSSEC validation.
Enabling DNS reputation validation.
Closing our DNS servers to off network requests.
These features will appear automatically for all of our customers when the roll out is complete, so that there is no action for you to take as a customer.
Briefly the reasoning behind these features are as follows:
Enabling DNSSEC validation allows you to be sure that the websites you visit are in fact the legitimate site, and not a fake site put up by criminals. For more information please see our DNSSEC Wiki page (https://wiki.sonic.net/wiki/DNSSEC ).
Enabling DNS reputation validation will protect our customers from unknowingly visiting malicious web sites. These are sites that seek to directly harm customers' computers or use their computers to do harm to others. If you do happen to visit a malicious site, instead of the criminal's web site, you will instead see a page like this: http://dns-blocked.sonic.net/ .
Closing our DNS servers to off network requests is something we have wanted to do for a very long time. Doing so protects our servers from being used by hackers to harm others on the Internet. If you attempt to use our DNS servers while not on the Sonic.net network, you will be redirected to a page similar to this: http://dns-captive.sonic.net/ .
We understand that some of our customers may wish to not utilize these additional security features, and as such we are offering two opt-out servers that do not implement DNSSEC or reputation validation, the IP addresses of those servers are:
Please reply here with any questions or concerns you have, and we will gladly answer them.