> Comcast has taken a pragmatic view. I'm glad to see they've turned on > validation, but I can see why they need to configure exceptions. Without > being able to manage exceptions, large ISPs are not going to turn on > validation. Indeed, which brings on the question why BIND (still) doesn't have the a "negative trust anchor" feature. -JP