I'd suggest you kick your "integrity of DNS" principle in the interest of "rough consensus, working code". And yes, you can do that without passing on user-specific EDNS to AT, who're quite likely to obtain just that information through the subsequent HTTP GET request in any event.