We’ve completed the deployment of our new DNS policies as covered in the Upcoming DNS changes MOTD. To reiterate, we’ve disabled access to our recursive servers from off our network, are enforcing DNSSEC validation and have enabled two commercial RPZ lists to help protect our customers from phishing, viruses and malware. For more information please see this forum post.
Update: We disabled one of the commercial RPZ lists earlier this afternoon. Despite substantial testing and review prior to deploying this to our customers that the service – at least as it stands now – is overly aggressive in its listing policy.
-Kelsey and Augie