diff --git a/src/dnssec.c b/src/dnssec.c
index 72800c9d..4079ae4f 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -3263,6 +3263,7 @@ static void check_chain_complete(chain_head *chain)
 void _getdns_ta_notify_dnsreqs(getdns_context *context)
 {
 	getdns_dns_req **dnsreq_p, *dnsreq = NULL;
+	uint64_t now_ms = 0;
 
 	assert(context);
 
@@ -3272,14 +3273,29 @@ void _getdns_ta_notify_dnsreqs(getdns_context *context)
 
 	dnsreq_p = &context->ta_notify;
 	while ((dnsreq = *dnsreq_p)) {
+		assert(dnsreq->waiting_for_ta);
 
-		assert(dnsreq->waiting_for_ta && dnsreq->chain);
+		if (dnsreq->chain) 
+			check_chain_complete(dnsreq->chain);
+		else {
+			getdns_network_req *netreq, **netreq_p;
+			int r = GETDNS_RETURN_GOOD;
 
-		check_chain_complete(dnsreq->chain);
+			 (void) _getdns_context_prepare_for_resolution(context, 0);
 
+			*dnsreq_p = dnsreq->ta_notify;
+			for ( netreq_p = dnsreq->netreqs
+			    ; !r && (netreq = *netreq_p)
+			    ; netreq_p++ ) {
+
+				if (!(r = _getdns_submit_netreq(netreq, &now_ms)))
+					continue;
+				if (r == DNS_REQ_FINISHED)
+					break;
+				_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
+			}
+		}
 		assert(*dnsreq_p != dnsreq);
-		/* if (*dnsreq_p == dnsreq)
-			dnsreq_p = &dnsreq->ta_notify; */
 	}
 }
 
diff --git a/src/general.c b/src/general.c
index 60644115..72e7840a 100644
--- a/src/general.c
+++ b/src/general.c
@@ -581,27 +581,37 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 	req->internal_cb = internal_cb;
 	req->is_sync_request = loop == &context->sync_eventloop.loop;
 
-	if (req->dnssec_return_status) {
-		if (context->trust_anchors_source == GETDNS_TASRC_XML_UPDATE)
-			_getdns_start_fetching_ta(context, loop);
-
-		else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
-			_getdns_context_equip_with_anchor(context, &now_ms);
-			if (context->trust_anchors_source == GETDNS_TASRC_NONE)
-				_getdns_start_fetching_ta(context, loop);
-		}
-	}
-	/* Set up the context assuming we won't use the specified namespaces.
-	   This is (currently) identical to setting up a pure DNS namespace */
-	if ((r = _getdns_context_prepare_for_resolution(context, 0)))
-		return r;
-
 	if (return_netreq_p)
 		*return_netreq_p = req->netreqs[0];
 
 	_getdns_context_track_outbound_request(req);
 
-	if (!usenamespaces)
+	if (req->dnssec_extension_set) {
+		if (context->trust_anchors_source == GETDNS_TASRC_XML_UPDATE)
+			_getdns_start_fetching_ta(context, loop);
+
+		else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
+			_getdns_context_equip_with_anchor(context, &now_ms);
+			if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
+				_getdns_start_fetching_ta(context, loop);
+				if (context->trust_anchors_source
+						== GETDNS_TASRC_FETCHING
+				    && context->resolution_type
+						== GETDNS_RESOLUTION_RECURSING
+				    && context->resolution_type
+						!= context->resolution_type_set) {
+
+					req->waiting_for_ta = 1;
+					req->ta_notify = context->ta_notify;
+					context->ta_notify = req;
+					return GETDNS_RETURN_GOOD;
+				}
+			}
+		}
+	}
+	if (!usenamespaces) {
+		(void) _getdns_context_prepare_for_resolution(context, 0);
+
 		/* issue all network requests */
 		for ( netreq_p = req->netreqs
 		    ; !r && (netreq = *netreq_p)
@@ -616,7 +626,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			}
 		}
 
-	else for (i = 0; i < context->namespace_count; i++) {
+	} else for (i = 0; i < context->namespace_count; i++) {
 		if (context->namespaces[i] == GETDNS_NAMESPACE_LOCALNAMES) {
 
 			if (!(r = _getdns_context_local_namespace_resolve(
@@ -650,6 +660,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			}
 #endif /* HAVE_MDNS_SUPPORT */
 		} else if (context->namespaces[i] == GETDNS_NAMESPACE_DNS) {
+			(void) _getdns_context_prepare_for_resolution(context, 0);
 
 			/* TODO: We will get a good return code here even if
 			   the name is not found (NXDOMAIN). We should consider
diff --git a/src/request-internal.c b/src/request-internal.c
index 32f6611a..c5a5b0a9 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -914,6 +914,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 		dnssec_return_full_validation_chain;
 	result->dnssec_return_validation_chain = dnssec_return_validation_chain
 	     || dnssec_return_full_validation_chain;
+	result->dnssec_extension_set           = dnssec_extension_set;
 	result->edns_cookies                   = edns_cookies;
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 	result->dnssec_roadblock_avoidance     = dnssec_roadblock_avoidance;
diff --git a/src/types-internal.h b/src/types-internal.h
index a827456a..56b7a2f0 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -300,6 +300,7 @@ typedef struct getdns_dns_req {
 	unsigned dnssec_return_all_statuses		: 1;
 	unsigned dnssec_return_validation_chain		: 1;
 	unsigned dnssec_return_full_validation_chain	: 1;
+	unsigned dnssec_extension_set                   : 1;
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 	unsigned dnssec_roadblock_avoidance		: 1;
 	unsigned avoid_dnssec_roadblocks		: 1;