[dns-operations] EDSN0 fallback in the era of DNSSEC

[David C Lawrence]

Paul Hoffman writes:
> Retrying queries without EDNS0 seems sensible before deployment of DNSSEC.
> Is that still the case now that DNSSEC is more widely deployed? 

Yes, just not in this case.  We definitely still see broken setups
where the no-EDNS0 fallback is necessary to get an answer.

I agree with Bert in that if a domain indicates it needs DNSSEC, then
the resolver shouldn't send itself down a path where it can't get the
answers it needs.