This is what is being discussed in Use DNSCrypt by default in Kicksecure? (not Whonix!) and in this forum thread here.
Use DNSCrypt by default in Kicksecure? (not Whonix!) is about the technical challanges.
This forum thread is about the challenge of default DNS provider selection.
Disregarding DNSSEC would allow to use DNSCrypt which doesn’t perform local DNSEC validation at time of writing as mentioned in the other forum thread.
Arguments against DNSSEC? Sounds like that deserves a dedicated forum thread.