When "Use DNSSEC" is enabled, I see there are different tags on queries:
SECURE INSECURE BOGUS
Most of them are INSECURE for my case so I am wondering if the option just tags them yet still allows them. If that is true, what does enabling it achieve functionally? Wouldn't you want "bad" ones (is that what BOGUS means) to get dropped?