If you really are using DNSSEC with stubby, you might want to read this topic, and preferably also reply in that topic, this to keep the results together.
I'm interested in what you need to add to have stubby evaluate DNSSEC, I'm new to stubby, so I'm still learning, I followed this wiki to implement it, but haven't changed the listed configuration yet.