I don't get RRSIG's returned when I use "dig +dnssec" - why is this?
Most likely, the domain is not signed.
If it is signed, then check whether DNSSEC has been disabled on the nameserver you are querying. In BIND 9, DNSSEC is enabled by default, but can be disabled with:
If this has been done, the server will not return RRSIG records.