> Comcast has taken a pragmatic view. I'm glad to see they've turned on
> validation, but I can see why they need to configure exceptions. Without
> being able to manage exceptions, large ISPs are not going to turn on
> validation.
Indeed, which brings on the question why BIND (still) doesn't have
a "negative trust anchor" feature.
-JP