Hacker News
by king_phil 3247 days ago
You forgot DNSSEC+DANE
1 comments

You do not need to set up DNSSEC+DANE, and, in fact, doing so is very likely to make your system less reliable; the primary function DNSSEC has in practice is to cause outages.

Observe how few of the major sites are DNSSEC-signed. In reality the only purpose signing has is allowing your site to vanish from view of the few DNS resolvers dumb enough to do DNSSEC validation.