I have been testing the idea of utilizing the GTM for DNS recursion to the internet in our development region. I was able to easily setup a listener for external recursion and successfully tested. I also configured a cache profile, in order to cache the responses. What I cannot figure out for the life of me is how to enable this recursion to perform DNSSEC validation against these responses from the internet.
I assumed creating a Cache with a Resolver Type of Validating Resolver and enabling that cache in my DNS profile for my listener would do the trick. However I am still successfully able to resolve zones that are known DNSSEC broken. I do see in the statistics of the cache under "Validator Key Details" all requests are being logged as "Indeterminate"