0xERR0R / blocky

Fast and lightweight DNS proxy as ad-blocker for local network with many features
https://0xERR0R.github.io/blocky/
Apache License 2.0

DNSSEC is not validated #1287

Open onovy opened 9 months ago

onovy commented 9 months ago

Hi,

According to the README, blocky supports DNSSEC. This is only "half-true". Blocky supports RRSIG etc. records, but doesn't validate the DNSSEC trust chain at all. It just trusts the validation done by the upstream resolver, which is not secure enough.

The dns library used doesn't do validation per se (confirmed by the author), but it can be added. For inspiration on how to do validation correctly, see sdns, which uses the same dns library.
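
The gap onovy describes, illustrated with an added example that is not blocky's code and not miekg/dns's either: a minimal RFC 4034/RFC 8080 validator in Go using only the standard library. It builds a constructed zone key and A RRset, signs them, and then checks the RRSIG itself instead of taking the upstream resolver's AD bit at face value. The names, addresses, fixed key seeds and the trusted DNSKEY list are all constructed for the example; the walk from that DNSKEY RRset to a DS record and a trust anchor, wildcard expansion and NSEC/NSEC3 denial of existence are omitted, so this is the leaf step of a validator, not a complete one, and it assumes a non-empty RRset.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
	"sort"
	"strings"
	"time"
)

const typeA, classIN, flagZone, algEd25519 = uint16(1), uint16(1), uint16(0x100), uint8(15) // A, IN, DNSKEY Zone Key bit, RFC 8080 Ed25519

type RR struct{ Name string; Type uint16; TTL uint32; RData []byte }
type DNSKEY struct{ Flags uint16; Algorithm uint8; PublicKey []byte }
type RRSIG struct{ TypeCovered, KeyTag uint16; Algorithm, Labels uint8; OrigTTL, Expiration, Inception uint32; SignerName string; Signature []byte }

func be16(b []byte, v uint16) []byte { return append(b, byte(v>>8), byte(v)) }
func be32(b []byte, v uint32) []byte { return be16(be16(b, uint16(v>>16)), uint16(v)) }
func (k DNSKEY) rdata() []byte { return append(append(be16(nil, k.Flags), 3, k.Algorithm), k.PublicKey...) } // protocol is always 3

// canonicalName is the RFC 4034 §6.2 owner name form: lowercase, uncompressed labels.
func canonicalName(name string) []byte {
	var out []byte
	for _, l := range strings.Split(strings.TrimSuffix(strings.ToLower(name), "."), ".") {
		if l != "" { out = append(append(out, byte(len(l))), l...) }
	}
	return append(out, 0)
}

func keyTag(rdata []byte) uint16 { // RFC 4034 Appendix B over the DNSKEY RDATA
	var ac uint32
	for i, b := range rdata { ac += uint32(b) << (8 * uint(1-i%2)) } // even index is the high byte
	return uint16((ac + ac>>16) & 0xFFFF)
}

// signedData is RFC 4034 §3.1.8.1: RRSIG RDATA minus the signature, then each RR as
// owner|type|class|TTL|rdlength|rdata in canonical order, TTL replaced by Original TTL.
func signedData(sig RRSIG, rrset []RR) []byte {
	b := append(be16(nil, sig.TypeCovered), sig.Algorithm, sig.Labels)
	b = be16(be32(be32(be32(b, sig.OrigTTL), sig.Expiration), sig.Inception), sig.KeyTag)
	b = append(b, canonicalName(sig.SignerName)...)
	rrs := append([]RR(nil), rrset...)
	sort.Slice(rrs, func(i, j int) bool { return bytes.Compare(rrs[i].RData, rrs[j].RData) < 0 })
	for _, rr := range rrs {
		b = be32(be16(be16(append(b, canonicalName(rr.Name)...), rr.Type), classIN), sig.OrigTTL)
		b = append(be16(b, uint16(len(rr.RData))), rr.RData...)
	}
	return b
}

func signRRset(priv ed25519.PrivateKey, key DNSKEY, zone string, rrset []RR, now time.Time) RRSIG {
	sig := RRSIG{TypeCovered: rrset[0].Type, Algorithm: key.Algorithm, OrigTTL: rrset[0].TTL,
		Labels:    uint8(strings.Count(strings.TrimSuffix(rrset[0].Name, "."), ".") + 1),
		Inception: uint32(now.Add(-time.Hour).Unix()), Expiration: uint32(now.Add(24 * time.Hour).Unix()),
		KeyTag:    keyTag(key.rdata()), SignerName: zone}
	sig.Signature = ed25519.Sign(priv, signedData(sig, rrset))
	return sig
}

// verifyRRSIG makes the RFC 4035 §5.3 checks a validator must do itself instead of trusting the
// upstream's AD bit; keys stands in for the zone's DNSKEY RRset (its chain to DS/trust anchor is omitted).
func verifyRRSIG(rrset []RR, sig RRSIG, keys []DNSKEY, now time.Time) error {
	owner, signer := strings.ToLower(rrset[0].Name), strings.ToLower(sig.SignerName)
	if sig.TypeCovered != rrset[0].Type || (owner != signer && !strings.HasSuffix(owner, "."+signer)) {
		return fmt.Errorf("RRSIG does not cover %s type %d from zone %s", owner, rrset[0].Type, signer)
	}
	if t := uint32(now.Unix()); t < sig.Inception || t > sig.Expiration {
		return fmt.Errorf("RRSIG outside its validity window")
	}
	data := signedData(sig, rrset)
	for _, k := range keys {
		if k.Flags&flagZone != 0 && k.Algorithm == sig.Algorithm && k.Algorithm == algEd25519 &&
			keyTag(k.rdata()) == sig.KeyTag && len(k.PublicKey) == ed25519.PublicKeySize &&
			ed25519.Verify(ed25519.PublicKey(k.PublicKey), data, sig.Signature) {
			return nil // secure: signed by a trusted zone key
		}
	}
	return fmt.Errorf("bogus: no trusted DNSKEY verifies the RRSIG")
}

// demo: verdicts for a constructed genuine A RRset, an on-path tampered copy, and a copy re-signed by an attacker.
func demo() (genuine, tampered, forged error) {
	now := time.Date(2024, 5, 1, 12, 0, 0, 0, time.UTC)
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize)) // fixed seed, demo only
	zsk := DNSKEY{Flags: flagZone, Algorithm: algEd25519, PublicKey: []byte(priv.Public().(ed25519.PublicKey))}
	rrset := []RR{{"www.example.org.", typeA, 300, []byte{192, 0, 2, 10}}, {"www.example.org.", typeA, 300, []byte{192, 0, 2, 11}}}
	sig := signRRset(priv, zsk, "example.org.", rrset, now)
	genuine = verifyRRSIG(rrset, sig, []DNSKEY{zsk}, now)
	evil := []RR{rrset[0], {"www.example.org.", typeA, 300, []byte{198, 51, 100, 1}}}
	tampered = verifyRRSIG(evil, sig, []DNSKEY{zsk}, now)
	bad := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x99}, ed25519.SeedSize))
	badKey := DNSKEY{Flags: flagZone, Algorithm: algEd25519, PublicKey: []byte(bad.Public().(ed25519.PublicKey))}
	forged = verifyRRSIG(evil, signRRset(bad, badKey, "example.org.", evil, now), []DNSKEY{zsk}, now)
	return
}

func main() { fmt.Println(demo()) }
```

Running it prints `<nil>` for the genuine RRset and an error for the two forgeries. The contrast with the behaviour the issue describes: a proxy that forwards the query with DO set and copies the upstream's AD flag into its own answer has made none of these checks, so a spoofed or compromised path to the upstream can hand it forged records with AD set and the proxy will pass them on as if validated. Note also that the trusted key set must come from somewhere other than the response being validated; accepting a DNSKEY that arrived alongside the RRSIG, without chaining it to a DS record and a trust anchor, would let the forged case above validate.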

starsoccer commented 5 months ago

Bump on this, would love to see support for it.