Make sure your upstream DNS servers do support DNSSEC. The feature itself definitely works, and there isn't much to it, beside a checkbox that tells dnsmasq to enable it.
Also, don't forget that DNS resolution get cached at multiple levels. If you enable on the webui and you immediately try to re-access the same test site, chances are your browser AND your computer both already have the previous result in their cache, so you will still access the broken site - you won't even have asked your router for the website's IP.
Also, don't forget that DNS resolution get cached at multiple levels. If you enable on the webui and you immediately try to re-access the same test site, chances are your browser AND your computer both already have the previous result in their cache, so you will still access the broken site - you won't even have asked your router for the website's IP.