There are domains that will never be sold, but none of them are very sexy. RFC2606+RFC6761 list .example, .invalid, .localhost, and .test, but none of those are practical and some come with certain behavioural expectations. There's .home.arpa as well (RFC8375), which may be the most technically correct TLD to use for these domains, but also is one of the least marketable ones.
Then there are the IDN test TLDs (إختبار, آزمایشی, 测试, 測試, испытание, परीक्षा, δοκιμή, 테스트, טעסט, テスト, பரிட்சை, let's hope my browser+HN did the RTL mixing right) that also probably won't resolve, but most users probably won't be able to enter any of those websites.
AVM could've offered mDNS (if they don't already) and just use .local.
