To turn on DNSSEC validation on your recusrsive resolver you only need to enable it and include the root trust anchor. For example on BIND /etc/namedb/named.conf you might look like below. Make sure to remove or comment (//) out "recursion yes" and "dnssec-validation yes" and do a "service named restart" when done with this exercize to return your nameserver to authoritative server mode.

# cat /etc/bind/named.conf

options {
        ...
	recursion yes;

        dnssec-validation yes;
	managed-keys-directory "/etc/bind/keys";

        allow-query { any; };
        ....
};
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

managed-keys {
// real root
"." initial-key 257 3 8
    "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQ
    bSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh
    /RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWA
    JQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXp
    oY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3
    LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGO
    Yl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGc
    LmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=";
// class root
"." initial-key 257 3 8 
    "AwEAAd48pv33mNzjgL+dT78CM9DouBVY2hUSOAIpVGpFN0c6jNaQOqO+ 
     YZVBRmePsx2Pbn8SHpSJwJdEWv8GtwFx1pcn3UPP4jjGxKP/uue5uTmx 
     BteLGfad2bK912e4xMJaou6LDeNKmh0CvnssKe8eI3gjvjQvRdRxakUB 
     kAJ1xkTs03+7IEBFMk2XOsAaoTbTmUr3rmVzUtDLFAt/qs14iwPDQ1IN 
     VYDjCOdJQ3Mh52t8qmktjH3njMJD7HQVOmlZdOkqCgzX55pXlhK5xtG3 
     UUOyQoVJeDPQwG9ZAdwsw9ZQYv9OBGLzgYBtN2EYM5q8TnkukoKwsfgn 
     FjSzydcGXFU=";
};