Relevance of DNSSEC


csdude55

4:38 am on Apr 21, 2021 (gmt 0)




One of my site's users pointed out today that my DNSSEC is unsigned.

This is something that I remember researching in late 2019 / early 2020, and immediately forgot about. At the time it felt like it wasn't all that relevant or widely supported, and may even slow down connections a tad.

What do you guys and gals think about it now? Has it become more relevant or beneficial?

If so, what's the preferred method to obtain a key? I know that I can get one from Cloudflare for $20 /domain, but I have waaaaay too many domains for that...

lammert

9:44 am on Apr 21, 2021 (gmt 0)




Don't waste your time on it. The type of attacks DNSSEC prevents do not occur in practice. A bad actor has to both compromise an intermediate DNS server and set up a service to be successful. Almost all bad actors do it the easy way and only set up a similar service with a similar domain name and then send phishing emails etc.

Where DNSSEC would be useful is where countries set up a filtering system to block, trace or modify certain types of traffic of their citizens. But in practice, those countries also set up their own top-level DNS servers and bypass the DNSSEC protection altogether.

To give you perspective, open a command line prompt on a Linux system and use the command dig domainname dnskey. Replace domainname with any top-level domain you want like cloudflare.com, microsoft.com, facebook.com or google.com. Of these four, only Cloudflare has DNSSEC keys configured in their DNS.

Now go figure: if Google, Microsoft and Facebook don't use DNSSEC, why would you do it? The chances that your site will be the target of a DNS spoofing attack are orders of magnitude lower than for those big three. The only reason Cloudflare has DNSSEC set up is because they sell DNSSEC as a product and earn money from it. But the real-world value of such DNSSEC protection is about as much as snake oil.

Once you have DNSSEC correctly configured, DNS queries will need to use the much slower TCP queries instead of UDP queries, because DNS records with DNSSEC information easily go beyond the 512-byte limit for UDP queries. That causes slower loads of your site.