On Mon, Mar 18, 2019 at 12:47:36PM +0000, Nick via Unbound-users <unbound-users@nlnetlabs.nl> wrote a message of 33 lines which said:
> For some client requests we would like to insist on DNSSEC, and > others I would like to understand if DNSSEC failed, but still retain > the option to get a result from the DNS lookup. Clearly, DNS Extended Error is exactly what you want. Your use-case is quite common. But DNS Extended Error is not yet a RFC and not yet implemented (see my message about the IETF hackathon). If you control the client application, getdns <https://getdnsapi.net/> may interests you.