[belorn]

That would be the volume of traffic being sent over DoH compared to the volume of traffic from every recursive and authoritative dns servers that support dnssec.

It would interesting to see statistics. I wouldn't assume anything in that race. Some TLD's which are signed has quite a lot of traffic going through them on any given day, and most resolvers connecting to those have dnssec enabled by default. There are published statistics for this, but I can't find anything similar from either google or cloudflare.

[tptacek]

All traffic sent over DoH is protected. Most traffic --- the overwhelming majority of traffic --- sent through a DNSSEC-verifying resolver isn't signed by DNSSEC, because the overwhelming majority of zones --- and an even higher proportion of popular zones, by any reasonable metric of popularity you choose (I use the Moz 500) --- aren't signed.