Please review rt46327.

I wish we could stop supporting no-dnssec.