It would be nice if dns would tell us when the dns routing has been tampered with and or censored. We won't be able to stop governments from routing legitimate requests to dev/null, maybe we can at least deliver a report to the requester: "this request was blocked by government xyz, here is the traceroute and details on the cancerous growth in the tubes."
Providing that kind of assurance of integrity is precisely what DNSSEC is designed to do. With the signatures and "chain of trust" a DNSSEC-validating DNS resolver could determine whether the DNS info has been tampered with and provide that feedback back to an application. Now, how the application might choose to present that info is a different question... and could, in fact, offer creative error messages like the one you wrote.
