DNSSEC & the use of it

I am aware, that my question may be a little bit out of the scope of ipfire.

Base case:
I have TLS over DNS and DNSSEC(of course) in my ipfire (core update 153) working.
I know how to check URLs if DNSSEC is used (via dig +dnssec …)

Are there any applications which the make use of the ad flag sent by the resolver in the ipfire or is this flag only nice to have?

Can’t tell without personally testing tbh or if someone has some feedback about this somewhere in the internet.

I did a lot of research in the internet.

Personally I think DNSSEC and DOT are good an necessary developments.

What I am concerned about is the fact that a resolver has as result the “ad” flag - and now? Do I know if the webpage for the bank with which I intend to transact money is the right one? Yes we have the certificates. What I understand is that DNSEC is a second barrier against evildoer in the net.

Apps for the verification in the browser are either outdated or refer there verification from the big techs.

So what I intended with my post is the question to the community about solutions to make use of the “ad” flag from the resolver in a certain kind of application.