Is DNSSEC working?

[TomekP]

I have DNSSEC ON in my config, but when I test it, I get

My config: Adguard as DNS server with upstream DNS (Unbound) 127.0.0.1:5555 with DoT (Cloudflare, Google, quad9)
What do I do wrong?

Code Select Expand

~ # unbound-host -v -d -t DNSKEY .
[1733748662] libunbound[71212:0] notice: init module 0: validator
[1733748662] libunbound[71212:0] notice: init module 1: iterator
[1733748662] libunbound[71212:0] info: resolving . DNSKEY IN
[1733748662] libunbound[71212:0] info: priming . IN NS
[1733748662] libunbound[71212:0] info: response for . NS IN
[1733748662] libunbound[71212:0] info: reply from <.> 192.203.230.10#53
[1733748662] libunbound[71212:0] info: query response was ANSWER
[1733748662] libunbound[71212:0] info: response for . NS IN
[1733748662] libunbound[71212:0] info: reply from <.> 192.36.148.17#53
[1733748662] libunbound[71212:0] info: query response was ANSWER
[1733748662] libunbound[71212:0] info: priming successful for . NS IN
[1733748663] libunbound[71212:0] info: response for . DNSKEY IN
[1733748663] libunbound[71212:0] info: reply from <.> 192.36.148.17#53
[1733748663] libunbound[71212:0] info: query response was ANSWER
. has DNSKEY record 256 3 8 AwEAAc0SunbHdS0KFEyZbYII/+tzsrNzIwurKxmJA+0fhAYlTPA/5LrMGkGEqvvufzM0w/CaVtdm5eWkZYQcsoSKT5bycx0C4jxnLEb3ZiZUQSqu1rWcKGF1fj/GyDWLkOu7a5h3el+gPmglj/4l4V31ugNYfqYq84vCB+3D6Sodrd+85KyonnzWJ8cS7aZ57x0d0sGqsAKA+6tRnIXjVNVe7Ro5xJuz8IR7rOxdzfuRLriN+Z00EL3U5E7s9SISU/hDh7Q7N70W1mLMc1o2+tCRGjEWrw4wmCWMzc1kegbLES/dUOWFvPjJz0+AEeWDhd2GqtXk02BzAhdfeIAEIv68FTs= (insecure)
. has DNSKEY record 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= (insecure)