On 14/01/2015 09:34, Stefan.Lasche at t-systems.com wrote: > Our customer uses a fictional Toplevel Domain[...] Can you flip the problem on its head, by signing the fictional TLD and deploying managed-keys (or trusted-keys) on the validating resolvers? Graham