DNSSEC does get you something today because an answer is not "correct" if it is unsigned, or
the signature is invalid, and you were expecting a signed response.
If your resolver can determine a chain of trust from an anchor (ideally the root servers, but
today it might be the Swedish ccTLD registry) down the DNS hierarchy to the requested address,
then it can (and if configured to do so) will authenticate the response.
At the anchor you use a locally configured key to verify the signed information about the next
level, and if that information contains a public key, you can use that to verify the next lot
of signed information, and so on until you've reached the point in the hierarchy you were
interested in, or you don't get a key and fall back to unauthenticated DNS.
If you install the Swedish TLD's DNSSEC public key and configure your resolver and/or
recursive server to use it, then you will have working DNSSEC today, for however many 2LDs
there are in their registry which have decided to use DNSSEC, and for any of their 3LDs and so
on as appropriate. Once you have set this up, any queries for these addresses will either give
you the authentic answer, or fail in some way (e.g. because the owner forgot to update their
key and doesn't have a system which handles it automatically), spoofing becomes impossible.