There are two issues with TCP failure handling in resolver code which are somewhat intertwined yet still distinct:

• for servers which respond to EDNS queries but never send responses larger than 512 bytes and are unavailable over TCP, named may go into a pointless query loop which is only interrupted after the fetch context restart limit is hit; this cannot really be exploited, but is harmful to broken servers,

• TCP connection failures affect EDNS timeout statistics while EDNS mechanisms only apply to DNS over UDP.

Both of these issues are exposed by the legacy system test, but they went under the radar so far because they do not cause test failures - I only noticed something was up because I was running that test with Wireshark in the background.