Comment by cyberax

I sign my zones :)

The reliable way is DoH/DoT that are rapidly going to become the standard. They don't suffer from fragmentation issues, so they can reliably get the DNSSEC chain.

Or maybe the next step is putting the stapled response into the certificate. Perhaps it can even be used by Let's Encrypt as a part of the challenge, providing the incentive to get it right.

The original stapled DNSSEC experiment was suffering from misaligned incentives. CAs didn't care at all about it.