Hi, Silly me... > 3. To publish the DNSSEC aspects in DNS, but not the AAAA records > themselves (oops!) That is bound to cause invalidity outcries normal resolvers... which isn't quite what we're after. Sigh, then this puzzle remains unsolved for now... -Rick