Sadly DNSSEC kinda sucks. Here's some earlier discussion on HN, with a lot of links. (Namedrop: tptacek is against DNSSEC and talks about it in the link.)
TLDR: DNSSEC is kinda complex and hacko, doesn't protect you as much as you might think, and introduces a whole new PKI that you should probably trust even less than the current ones. But read the links above for the real story.
I'm using DNSCrypt right now, which (correct me if I'm wrong) protects against DNS interception by my ISP, and seems like a whole lot less trouble than DNSSEC.
Your ISP can still see the IP address of every web server that you connect to, and can still see the "Host" header that your browser sends in HTTP requests, and also in HTTPS requests (due to SNI) if you're using a reasonably modern OS/Browser combo.
All you've done is add an additional third party that can view and log what you're doing.
I did not forget that. The privacy lost is worse than the supposed "protection" gained by using DNSCrypt. "Trashy" ISPs can (and do) still intercept and modify the HTTP traffic even if they can't intercept and modify the DNS traffic.
https://news.ycombinator.com/item?id=5937004
TLDR: DNSSEC is kinda complex and hacko, doesn't protect you as much as you might think, and introduces a whole new PKI that you should probably trust even less than the current ones. But read the links above for the real story.
I'm using DNSCrypt right now, which (correct me if I'm wrong) protects against DNS interception by my ISP, and seems like a whole lot less trouble than DNSSEC.