.gov Failing DNSSEC Validation
The .gov zone is having DNSSEC validation issues because there are expired rrsig records on some of their name servers. This has caused all domains within .gov (eg. IRS.gov) to not be reachable. We have notified the domain operator regarding the issue. Comcast will be implementing a Negative Trust Anchor to allow the domain operator time to correct the issue. This will be removed July 6, 2012. Although we are utilizing a Negative Trust Anchor, the responsibility for properly configured DNS records lies with domain administrators.