If a DNS name server supports DNSSEC, does it mean that every DNS response it sends will include DNSSEC-related records, like NSEC, NSEC3, RRSIG, etc? Or does it depend on what the resolver sent?
I know that we need to set +dnssec
when running dig
commands to see DNSSEC-related records. Is it the same for "regular" DNS queries?