If using an open resolver, i.e., a shared DNS cache, e.g., third party DNS service such as Google, Cloudflare, etc., then it might fail, or it might not. It depends on the third party DNS provider
To me, a response from a "root DNS server", i.e., [a-m].root-servers.net, is not "wrong" if it contains the correct data that I'm requesting, e.g., domainnames and associated IP numbers
I'm never requesting RRSIGs as I do not use that data. For me, it's just cruft that now comes in the response
DNSSEC not working
If using an open resolver, i.e., a shared DNS cache, e.g., third party DNS service such as Google, Cloudflare, etc., then it might fail, or it might not. It depends on the third party DNS provider
https://datatracker.ietf.org/meeting/118/materials/slides-11...