DNSSEC is meant to solve the integrity issue. Now, whether you feel it actually does the job is another matter.
Personally, I use it on three domains, one which was done for testing purposes, and the other two because there are DNS records I would like to keep secure from manipulation. It'd be nice if TLSA/DANE was more widely supported, if only to be an additional bar against certificate forgery, but unfortunately it's not.
It'd be good if DNS servers other than Knot had decent native support for signing, but they don't in general.
Personally, I use it on three domains, one which was done for testing purposes, and the other two because there are DNS records I would like to keep secure from manipulation. It'd be nice if TLSA/DANE was more widely supported, if only to be an additional bar against certificate forgery, but unfortunately it's not.
It'd be good if DNS servers other than Knot had decent native support for signing, but they don't in general.