To turn on DNSSEC validation on your recusrsive resolver you only need to enable it and include the root trust anchor. For example on BIND /etc/namedb/named.conf you might look like below. Make sure to remove or comment (//) out "recursion yes" and "dnssec-validation yes" and do a "service named restart" when done with this exercize to return your nameserver to authoritative server mode.
# cat /etc/bind/named.conf options { ... recursion yes; dnssec-validation yes; managed-keys-directory "/etc/bind/keys"; allow-query { any; }; .... }; zone "." { type hint; file "/etc/bind/db.root"; }; managed-keys { // real root "." initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQ bSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh /RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWA JQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXp oY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3 LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGO Yl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGc LmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0="; // class root "." initial-key 257 3 8 "AwEAAd48pv33mNzjgL+dT78CM9DouBVY2hUSOAIpVGpFN0c6jNaQOqO+ YZVBRmePsx2Pbn8SHpSJwJdEWv8GtwFx1pcn3UPP4jjGxKP/uue5uTmx BteLGfad2bK912e4xMJaou6LDeNKmh0CvnssKe8eI3gjvjQvRdRxakUB kAJ1xkTs03+7IEBFMk2XOsAaoTbTmUr3rmVzUtDLFAt/qs14iwPDQ1IN VYDjCOdJQ3Mh52t8qmktjH3njMJD7HQVOmlZdOkqCgzX55pXlhK5xtG3 UUOyQoVJeDPQwG9ZAdwsw9ZQYv9OBGLzgYBtN2EYM5q8TnkukoKwsfgn FjSzydcGXFU="; };