Olafur Gudmundsson
I hate to burst your bubble, but one of your assumptions is that the path from the application to the authoritative DNS server is: Stub --> Recursor --> Authority. That is not so in all cases; for example, Stub --> validating forwarder --> Recursor --> Auth will make the Recursor look like it is validating. This probably explains why Google DNS looks so good, as it is mostly OK to use as a forwarding target by a validator.