DNS resolvers retry with TCP when they receive a response with the TC (truncated) bit. But when the authoritative name servers timeout? Use case: the two authoritative name servers for .pf no longer reply over UDP, only TCP. Apparently, no resolver (I tried several, plus the RIPE Atlas probes) retry with TCP.