Which increases your security more: using DNSSEC, or using OpenDNS which automatically blocks malware domains / botnet C&C, etc?
Right now there are real, tangible benefits to just using OpenDNS. There are very few benefits to setting up your own resolver with DNSSEC due to the limited amount of zones signing with it.
I know these protect you from two different types of attacks, but for the average user the OpenDNS solution is more likely to protect them from harm (malware, ransomware, etc) than DNSSEC stopping a state actor doing a MITM (between end user and OpenDNS) which wouldn't be possible if you used OpenDNS via dnscrypt anyway; the state actor would have to successfully and undetectably poison OpenDNS's cache.
tl;dr: To the average user DNSSEC has a miniscule security impact in their everyday internet usage.
Right now there are real, tangible benefits to just using OpenDNS. There are very few benefits to setting up your own resolver with DNSSEC due to the limited amount of zones signing with it.
I know these protect you from two different types of attacks, but for the average user the OpenDNS solution is more likely to protect them from harm (malware, ransomware, etc) than DNSSEC stopping a state actor doing a MITM (between end user and OpenDNS) which wouldn't be possible if you used OpenDNS via dnscrypt anyway; the state actor would have to successfully and undetectably poison OpenDNS's cache.
tl;dr: To the average user DNSSEC has a miniscule security impact in their everyday internet usage.