According to
http://en.wikipedia.org/wiki/DNSSEC DNSSEC has not been been implemented completely yet.
The following packet dump show a DNSSEC answer
Code:
23:03:05.558393 B2.ORG.AFILIAS-NST.org.53 > rnames.utp.xnet.36923: 43271-
q: A? www.daemonforums.org. 0/6/2 ns: daemonforums.org. NS
ns.rwxrwxrwx.net., daemonforums.org. NS ns.daemonforums.org.,
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. Type50,
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. RRSIG,
u1rfjcpe050u05iqk0705qqqilnu83po.org. Type50,
u1rfjcpe050u05iqk0705qqqilnu83po.org. RRSIG ar: ns.daemonforums.org.
A 94.142.245.224, . OPT UDPsize=4096 (605) (DF) (ttl 58, id 0, len
633)
If you want a safe DNS infrastructure, use
tinydns and
dnscache from Daniel Bernstein