[jchw]

I don't think DNS-over-HTTPS precludes the use of DNSSEC - I think the intent is that eventually, you will in fact use both in tandem. DNSSEC alone would only give you the ability to check the integrity of a record, but DNS-over-HTTPS makes the transaction confidential and prevents third parties from censoring the request.

[Klathmon]

I guess I was just heading off the flurry of comments along the lines of "Why use DoH when we have DNSSEC?" that always seem to come up when discussing DoH.

[pornel]

DNSSEC has no encryption. It's not for privacy at all.

[bluejekyll]

Right, DNSSEC is about validating the authenticity of the DNS Record in a DNS Message, whereas DNS-over-TLS/HTTPS is about establishing authenticity and privacy with the upstream resolver.

In theory if the upstream resolver is using DNSSEC to validate all the Records, then the client over the TLS session can be fairly confident in the Records it receives.