However, 9.9.9.10 does not perform DNSSEC validation, as 8.8.8.8 (Google), 64.6.64.6 (Verisign), 9.9.9.9 (Quad9), and now 1.1.1.1 (CloudFlare) do, so results may not be as trustworthy.

It does.

  $ dig @9.9.9.10 +dnssec +short verisignlabs.com
  72.13.58.64
  A 8 2 3600 20180413202737 20180330202737 31485 verisignlabs.com. KrnT9i6qytaYWDZWThBmBwc6anOmawNxJTxmSlpaY3L7Yfupga9FS70l 8nMVp8ggbEtA+CnS9AbNwObkPaYvk3nFpDvo4C+2hg+PECsP1HVTgGxl G3eblfnYAMNfYzLYlfUnSBgM7kLSIXY4rLBxsl01KiPJYezNhmQ53KYf ygs=