https://wiki.mozilla.org/Security/DNSSEC-TLS-nginx
"This page details how to set up a server running a modified version of nginx that uses a self-signed certificate with the DNSSEC TLS extension to authenticate https sessions. It's probably safest to do this in a virtual machine. However, for the brave, simply skip the VM-specific steps."