Rated 3 out of 5 stars
The overall idea of this plugin is good and urgently needed. Also, I like the simple user interface abstraction it provides.
However, there are one and a half major downsides to this add-on. The first and most important is: it does not integrate well with proxies or Tor(button). If you use a proxy or Tor, this plugin will leak which sites you are surfing to. This seems to be because of problem number 2, which might also be due to Mozilla Firefox itself: it seems that the plugin does not actually modify the DNS queries of Firefox, but that it later does a DNSSEC-enabled DNS query for the same hostname and verifies that. If it was integrated (I wonder if the current Firefox API would permit that), the first problem would not occur. Also, there would be much less DNS traffic from Firefox. And I wonder: if there is an attack on DNS which redirects my request to a malicious host, will the Validator recognize this and stop the request in time before e.g. a session cookie is sent?
Tor is incompatible with DNSSEC Validator
In general, DNSSEC and a SOCKS proxy do not mix well. Thus Tor with DNSSEC Validator is a bad idea (I'll add it to the documentation).
The Validator does extra queries since the DNS resolver used by Firefox might not be a validating resolver (notice that there are settings for an extra resolver). As of this moment, Firefox does not support DNSSEC internally.
Attacks: yes, there are a few ISPs that hijack DNS queries (especially for search engines like Google) for ad revenue. Unfortunately, the checking is asynchronous, meaning that such a cookie may get to a bad host before notification unless you install a validating resolver locally or on the LAN (see unbound.net).
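The reply's distinction between a validating and a non-validating resolver is visible on the wire in the DNS header. The following is an added example, not code from the add-on or its developer: it builds a query with the EDNS0 DO bit set and classifies a reply by its AD flag and RCODE. The function names, the query ID and the sample replies are constructed for illustration.

```python
import struct

QR_FLAG = 0x8000   # header: this message is a response
RD_FLAG = 0x0100   # header: recursion desired
AD_FLAG = 0x0020   # header: "Authenticated Data", set by a validating resolver
DO_FLAG = 0x8000   # EDNS0 OPT flags: "DNSSEC OK"
SERVFAIL = 2       # RCODE a validating resolver returns for bogus data


def build_query(hostname, query_id=0x1234):
    """Build an A query carrying an EDNS0 OPT record with the DO bit set."""
    header = struct.pack("!HHHHHH", query_id, RD_FLAG, 1, 0, 0, 1)
    labels = hostname.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size,
    # TTL=(ext-rcode, version, flags), RDLENGTH=0
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO_FLAG, 0)
    return header + question + opt


def classify_response(packet, expected_id):
    """Return 'validated', 'unvalidated', 'servfail' or 'invalid'."""
    if len(packet) < 12:
        return "invalid"
    rid, flags = struct.unpack("!HH", packet[:4])
    if rid != expected_id or not flags & QR_FLAG:
        return "invalid"
    if flags & 0x000F == SERVFAIL:
        return "servfail"      # validation failure or resolver error
    # AD set: the resolver validated the answer (or the denial of existence).
    # AD clear: unsigned zone, or the resolver does not validate at all.
    return "validated" if flags & AD_FLAG else "unvalidated"


def sample_reply(flags, query_id=0x1234):
    """Constructed 12-byte reply header, enough for the classifier above."""
    return struct.pack("!HHHHHH", query_id, flags, 1, 0, 0, 0)


if __name__ == "__main__":
    print(build_query("example.org").hex())
    for flags in (0x81A0, 0x8180, 0x8182):   # constructed: AD set, AD clear, SERVFAIL
        print(hex(flags), classify_response(sample_reply(flags), 0x1234))
```

The AD flag is only an assertion by the resolver, so it means something only when the path to that resolver is trusted, which is why the reply recommends a validating resolver on the local machine or the LAN.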