In that case, DNSSEC probably isn't doing much for you (besides the systemic effects of discouraging providers from returning false DNS results in the first place), but sadly not everything on the internet is so well-designed as ssh. Being unable to specify a port in MX records, leaving SMTP on port 25 with only STARTTLS for encryption being one good example.
