said by andyross:
It should be mentioned that some .gov sites have occasional issues. It's not Comcast's fault, though. The keys for the .gov sites are regularly updated, but they don't broadcast the proper TTL or something like that, so Comcast tries to use expired ones.
Yep, sometimes being on the leading edge (in this case strict adherence to DNSSEC) sometimes means being on the bleeding edge. I know that I had to make changes in some of my DNS records in order for DNSSEC servers (and Comcast's servers in particular) to properly resolve them.--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.