The problem
3

Now:
User browses the web: banking.example.org
Resolver considers the data bogus -> SERVFAIL
Curious user disables DNSSEC and continues surfing

What is better:
User browses the web: banking.example.org
Resolver considers the data bogus -> tells the app
Application shows popup
User can decide to abort or continue (ala https://)