diff --git a/ratelimits/names.go b/ratelimits/names.go
index cc32e49b6..099de902d 100644
--- a/ratelimits/names.go
+++ b/ratelimits/names.go
@@ -120,6 +120,9 @@ var nameToString = map[Name]string{
 	LimitOverrideRequestsPerIPAddress:                 "LimitOverrideRequestsPerIPAddress",
 }
 
+// Policy Authority singleton
+var PA *policy.AuthorityImpl
+
 // isValid returns true if the Name is a valid rate limit name.
 func (n Name) isValid() bool {
 	return n > Unknown && n < Name(len(nameToString))
@@ -201,7 +204,14 @@ func validateRegIdIdentValue(id string) error {
 		return fmt.Errorf(
 			"invalid regId, %q must be formatted 'regId:identValue'", id)
 	}
-	domainErr := policy.ValidDomain(regIdIdentValue[1])
+	pa := PA
+	if pa == nil {
+		pa, err = policy.New(map[identifier.IdentifierType]bool{"dns": true}, nil, nil)
+		if err != nil {
+			return fmt.Errorf("cannot create policy authority implementation")
+		}
+	}
+	domainErr := pa.ValidDomain(regIdIdentValue[1])
 	if domainErr != nil {
 		ipErr := policy.ValidIP(regIdIdentValue[1])
 		if ipErr != nil {
@@ -215,7 +225,15 @@ func validateRegIdIdentValue(id string) error {
 // name or an IP address. IPv6 addresses must be the lowest address in their
 // /64, i.e. their last 64 bits must be zero.
 func validateDomainOrCIDR(limit Name, id string) error {
-	domainErr := policy.ValidDomain(id)
+	pa := PA
+	var err error
+	if pa == nil {
+		pa, err = policy.New(map[identifier.IdentifierType]bool{"dns": true}, nil, nil)
+		if err != nil {
+			return fmt.Errorf("cannot create policy authority implementation")
+		}
+	}
+	domainErr := pa.ValidDomain(id)
 	if domainErr == nil {
 		// This is a valid domain.
 		return nil
@@ -270,8 +288,16 @@ func validateFQDNSet(id string) error {
 		return fmt.Errorf(
 			"invalid fqdnSet, %q must be formatted 'fqdnSet'", id)
 	}
+	var err error
+	pa := PA
+	if pa == nil {
+		pa, err = policy.New(map[identifier.IdentifierType]bool{"dns": true}, nil, nil)
+		if err != nil {
+			return fmt.Errorf("cannot create policy authority implementation")
+		}
+	}
 	for _, value := range values {
-		domainErr := policy.ValidDomain(value)
+		domainErr := pa.ValidDomain(value)
 		if domainErr != nil {
 			ipErr := policy.ValidIP(value)
 			if ipErr != nil {