我正在写一个脚本来验证使用dnspython的RRSIG，但是我的代码有问题。以下是一个代码段及其附带的错误消息：

domain = 'iana.org'
server = '8.8.8.8'

qname = dns.name.from_text(domain)

# get DNSKEYs
DNSKEY_query = dns.message.make_query(qname, dns.rdatatype.DNSKEY, want_dnssec=True)
(DNSKEY_response, _) = dns.query.udp_with_fallback(DNSKEY_query, server)
dnskey_set, dnskey_sig = DNSKEY_response.answer

# get RRset and RRsig to verify
query = dns.message.make_query(qname, dns.rdatatype.NS, want_dnssec=True)
(response, _) = dns.query.udp_with_fallback(query, server)
rrset, rrsig = response.answer
dns.dnssec.validate(rrset, rrsig, {dns.name.empty: dnskey_set}, None)

错误消息

Traceback (most recent call last):
  File "dnssec_validator.py", line 107, in <module>
    dns.dnssec.validate(rrset, rrsig, {dns.name.empty: dnskey_set}, None)
  File "/home/user/PycharmProjects/RPKIDNSSEC/venv/lib/python3.6/site-packages/dns/dnssec.py", line 494, in _validate
    raise ValidationFailure("no RRSIGs validated")
dns.dnssec.ValidationFailure: no RRSIGs validated