Enabling DNSSEC on the cluster level

Cluster information:

Kubernetes version: v1.27.1
Cloud being used: bare-metal
Host OS: Ubuntu 20
CNI and version: calico v3.25.1
CRI and version: containerd://1.6.12z

I am trying to enable DNSSEC for the cluster services, I have generated the keys and have applied it to the Corefile. However after enabling it using the plugin the output is not showing the ad flag.

apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health {
           lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf {
           max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
        dnssec cluster.local {
           key "cluster.local. IN DNSKEY 256 3 8 AwEAAcc2NC0LdPPUVmxO9UiZwbtxPLpmCrhnD+L4bZRIqir4zLK+eL31 pxcpRtWm9RtX4xXQ+RhmWBJ6I98qnpKGUlsPKJzzLXAavbYUjzLGS9IV t7lYfxNYDwJAGFHd4Osenz+VyyOZ57Vc4BPl7FFiJNiJR1X9EwTPqxvw LiOkLXIVdnIisO5aWPREeCnVGJLRl/D77skw8Is89LTNGStIb2uWfwLX GHuEoSKEnBc9j9h9hSg7oGG/fL5LwDqtQBX5BisW88yj1kZSbeLcZEEh NdDFIEgbSOW6iwjVDlfmy8k9+WohUNh97n2gmilokUaf9bsq+yCiG5BB Dfrvz0EuTOE="
        }
    }
kind: ConfigMap
; <<>> DiG 9.16.1-Ubuntu <<>> 192-168-235-129.test-pod.default.svc.cluster.local. +dnssec
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21104
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 65494
; OPT=5: 05 07 08 0a 0d 0e 0f (".......")
; OPT=6: 01 02 04 ("...")
; OPT=7: 01 (".")
;; QUESTION SECTION:
;192-168-235-129.test-pod.default.svc.cluster.local. IN A

;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue May 23 02:44:28 UTC 2023
;; MSG SIZE  rcvd: 102

Does any of you have an Idea to enable DNSSEC on the cluster services?