validate resolver

First of all, change the /etc/named.conf

<code bash>
option {
  ...
  dnssec-enable yes;
  dnssec-validation yes;
  ...
};
</code>

as the name suggests, it will enable first the dnssec request/response, and then the security validator in BIND 9.X