It looks like dnspython has DNSSEC, DoH, and DoQ support: test_dnssec.py: https://github.com/rthalley/dnspython/blob/main/tests/test_d... , dnssec.py: https://github.com/rthalley/dnspython/blob/main/dns/dnssec.p...

  man delv

thank you for linking this, i took a peek and i will look at the DNSSEC pieces in more detail. this is something i did not dare to touch when i saw the RFC jungle around DNS.