Are they legally required to also lie about or forge DNSSEC? Assuming the site's zone is signed and if my local resolver asks for (or checks) DNSSEC status, I should get an error (or a failing signature)?

Just a random thought really, but if they have to, how far is a similar ruling that forces something similar with HTTPS or even ESNI?