Do you have a clean path to the Internet on port 53? If so, get rid of the forwarding statements.
Turn on DNSSEC debugging:
Code:
channel dnssec_log {
file "logs/dnssec.log" versions 2 size 2m;
print-time yes;
print-category yes;
print-severity yes;
severity debug 3;
};
category dnssec { dnssec_log; };
And see what logs you get. Also, make sure that your trusted-keys file is valid... running named-checkconf should give you a good indication.