To reduce the risk that others spend hours doing the same excercise that myself (https://marc.info/?l=openbsd-misc&m=148513378718363), here's a patch that mentiones that RES_USE_EDNS0 and RES_USE_DNSSEC options currently do nothing.
Index: lib/libc/net/resolver.3 =================================================================== RCS file: /cvs/src/lib/libc/net/resolver.3,v retrieving revision 1.33 diff -u -p -r1.33 resolver.3 --- lib/libc/net/resolver.3 16 Dec 2015 18:12:42 -0000 1.33 +++ lib/libc/net/resolver.3 23 Jan 2017 22:53:58 -0000 @@ -187,11 +187,11 @@ This informs DNS servers of a client's r allowing them to take advantage of a non-default receive buffer size, and thus to send larger replies. DNS query packets with the EDNS0 extension are not compatible with -non-EDNS0 DNS servers. +non-EDNS0 DNS servers. At the moment this option does nothing. .It Dv RES_USE_DNSSEC Request that the resolver uses Domain Name System Security Extensions (DNSSEC), -as defined in RFCs 4033, 4034, and 4035. +as defined in RFCs 4033, 4034, and 4035. At the moment this option does nothing. .El .Pp The
