DNS Error but DNS appears to be responding correctly

The resolvers are configured to request UDP responses no larger than 512 bytes.

With all your RRSIG records, even minimal responses are larger than that, so your nameservers tell the resolvers to retry over TCP.

Everything should always have worked, though downloading 9 KB of stuff for every query is inefficient.

Maybe there's some kind of path MTU issue and TCP was failing?

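To make the mechanism in the reply above concrete, here is an added, self-contained Python model (not code from the original post or from any resolver or nameserver) of the UDP-size negotiation it describes. It builds a query with or without an EDNS0 OPT record advertising a UDP payload size, builds a constructed response whose RRSIG record is padded to 2 KB so it overflows the classic 512-byte limit, and simulates both sides: the server answers with TC=1 when the reply does not fit, and the resolver retries over TCP. The name `example.test.`, the 2 KB dummy signature, and the `tcp_works` switch (standing in for a blocked 53/tcp port or a path-MTU black hole) are assumptions for illustration; the wire-format constants are from RFC 1035 and RFC 6891.

```python
import struct

# Header flag bits (RFC 1035 section 4.1.1)
FLAG_QR = 0x8000  # message is a response
FLAG_TC = 0x0200  # truncated: reply did not fit, resolver should retry over TCP
TYPE_A, TYPE_RRSIG, TYPE_OPT = 1, 46, 41
CLASSIC_UDP_LIMIT = 512  # maximum UDP payload when the query carries no EDNS0 OPT record


def encode_name(name):
    """Encode a dotted name in uncompressed wire format (length-prefixed labels, zero terminator)."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(name, qtype=TYPE_A, edns_udp_size=None, txid=0x1234):
    """Build a recursive query; with edns_udp_size set, append an EDNS0 OPT RR advertising that size."""
    arcount = 1 if edns_udp_size else 0
    msg = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # flags: RD=1
    msg += encode_name(name) + struct.pack(">HH", qtype, 1)  # QTYPE, QCLASS=IN
    if edns_udp_size:
        # OPT RR (RFC 6891): root owner name, TYPE=41, CLASS carries the UDP payload
        # size, TTL carries extended rcode/version/flags, RDLEN=0
        msg += b"\x00" + struct.pack(">HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return msg


def parse_flags(msg):
    """Decode the header fields a resolver looks at when deciding what to do with a reply."""
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0xF, "ancount": an, "arcount": ar}


def question_end(msg):
    """Offset just past the single, uncompressed question section."""
    i = 12
    while msg[i] != 0:
        i += 1 + msg[i]
    return i + 1 + 4  # zero terminator + QTYPE + QCLASS


def make_rr(qtype, rdata, ttl=300):
    """An answer RR owned by the question name (compression pointer to offset 12), class IN."""
    return b"\xc0\x0c" + struct.pack(">HHIH", qtype, 1, ttl, len(rdata)) + rdata


def build_response(query, answers):
    """Full response: query header with QR=1 and RA=1, question echoed, answer RRs appended.
    Simplified: the OPT record is not echoed and no authority/additional RRs are added."""
    txid, flags, qd, _, _, _ = struct.unpack(">HHHHHH", query[:12])
    header = struct.pack(">HHHHHH", txid, flags | FLAG_QR | 0x0080, qd, len(answers), 0, 0)
    return header + query[12:question_end(query)] + b"".join(answers)


def udp_reply(full_response, max_udp_size):
    """Server side over UDP: if the full reply exceeds the size the resolver advertised,
    send back only the question with TC=1 (a common minimal truncation strategy)."""
    if len(full_response) <= max_udp_size:
        return full_response
    txid, flags, qd, _, _, _ = struct.unpack(">HHHHHH", full_response[:12])
    return struct.pack(">HHHHHH", txid, flags | FLAG_TC, qd, 0, 0, 0) + full_response[12:question_end(full_response)]


def resolve(full_response, edns_udp_size=None, tcp_works=True):
    """Resolver side: ask over UDP; on a truncated reply retry over TCP. Returns (transport, reply)."""
    limit = edns_udp_size or CLASSIC_UDP_LIMIT
    reply = udp_reply(full_response, limit)
    if not parse_flags(reply)["tc"]:
        return "udp", reply
    if not tcp_works:
        # Assumed failure mode: 53/tcp filtered or a PMTU black hole, so the retry never completes
        raise TimeoutError("UDP reply truncated and the TCP retry failed")
    return "tcp", full_response


# Constructed sample data: one A record plus an RRSIG whose signature field is 2 KB of
# filler (not a real signature), enough to overflow 512 bytes but not an EDNS 4096 buffer.
QUERY = build_query("example.test.", TYPE_A)
FULL = build_response(QUERY, [make_rr(TYPE_A, bytes([192, 0, 2, 10])),
                              make_rr(TYPE_RRSIG, b"\x00" * 2048)])

if __name__ == "__main__":
    print("full response size:", len(FULL), "bytes")
    for size in (None, 4096):
        transport, reply = resolve(FULL, size)
        print(f"advertised {size or CLASSIC_UDP_LIMIT}: answered over {transport}, "
              f"{len(reply)} bytes, TC={parse_flags(reply)['tc']}")
```

Run as a script it shows the two cases from the reply: with no EDNS buffer the server can only send a 30-byte truncated header and the resolver has to fall back to TCP, while advertising a 4096-byte buffer lets the same 2 KB signed answer arrive over UDP. Setting `tcp_works=False` reproduces the "DNS appears to respond but resolution fails" symptom when the TCP retry cannot complete.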