Nope. There are other much more unpleasant impacts: consider cache poisoning.
If your authoritative server also handles arbitrary recursive queries, I can make your name server query my DNS server which tells lies. Unless your server does DNSSEC validation, it will then spread these lies for me. Thanks! Worst case, I might even be able to hijack your authoritative domains by injecting new glue records for those domains into your server’s cache.
That said, I’m usually not in favour of preventing people or companies from doing stupid things - like intermingling recursive and authoritative DNS servers. [Darwinism will always win in the end.] I can get paid $$$$ to fix these broken setups. :-) But more importantly, people tend to learn best from their mistakes because they then make sure they don’t repeat them.
As someone once said, “The IETF is not in the business of hanging people. But it does provide plenty of rope.” I think those comments apply very well here too.
Jim, I am aware of that - it was discussed on the member-discuss list, too. If cache poisoning is being taken care of (be it via DNSSEC or else), what other reasons are there to not combine both? So far, the most important points I do see are amplification and poisoning, which both can be mitigated; what am I missing? It seems to me that all documentation regarding this topic is highly outdated (at least what I have found, see ISC's docs for BIND). Sorry...but once again going into detail on this topic.
- Jonas
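Added example, not part of either message in this thread: a small audit helper that classifies a name server as mixed (authoritative and recursive at once) from two DNS responses, one for a name in its own zone and one for an out-of-zone name queried with RD set. The function names are hypothetical and the response headers are constructed sample bytes; sending the probe over UDP is left to the caller.

```python
import struct

def build_query(qname, qid=0x1234, rd=True):
    """Encode a minimal DNS A/IN query in RFC 1035 wire format."""
    flags = 0x0100 if rd else 0                      # RD: recursion desired
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header into the fields the audit needs."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid,
            "qr": bool(flags & 0x8000),              # message is a response
            "aa": bool(flags & 0x0400),              # authoritative answer
            "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080),              # recursion available
            "rcode": flags & 0x000F,
            "ancount": an}

def audit(in_zone_resp, out_zone_resp):
    """Classify a server from its replies to an in-zone and an out-of-zone query."""
    a, b = parse_header(in_zone_resp), parse_header(out_zone_resp)
    if not (a["qr"] and b["qr"]):
        raise ValueError("expected two DNS responses")
    authoritative = a["aa"] and a["rcode"] == 0
    # RA alone is not proof: require a successful, non-authoritative answer
    # for a name the server does not host.
    recurses = (b["ra"] and not b["aa"]
                and b["rcode"] == 0 and b["ancount"] > 0)
    if authoritative and recurses:
        return "mixed"
    if authoritative:
        return "authoritative-only"
    return "recursive-only" if recurses else "unknown"

# Constructed sample headers (id, flags, qd, an, ns, ar); not captured traffic.
AUTH_RESP = struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 1, 0, 0)     # QR|AA|RD
OPEN_RESP = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # QR|RD|RA
REFUSED_RESP = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # REFUSED

if __name__ == "__main__":
    print(audit(AUTH_RESP, OPEN_RESP))      # server answers for foreign names too
    print(audit(AUTH_RESP, REFUSED_RESP))   # recursion refused for foreign names
```

A result of "mixed" identifies the setup whose cache the first message says can be fed false records when DNSSEC validation is off.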