Lightboard Lessons: DNSSEC
DNS is absolutely critical to your life on the Internet. But, did you know that DNS was designed back in the 1980s and didn't really consider security as a key component? DNSSEC was developed to he...
Published Nov 11, 2015
Version 1.0
ltwagnon
Ret. Employee
Joined May 15, 2019
KINGRAMD_232836
Nov 13, 2015
Nimbostratus
I have paused the video at 3:36 to make a comment. I will pick up later. Forgive me if I am confused, but I am happy to get clarification. The point at which you introduce the bad guy seems like a situation where one hijacks a website because it can present a certificate to say I am example.com. DNS poisoning, which is the main reason for the introduction of DNSSec, is when an attacker responds to a DNS query to a resolver with an incorrect IP address for example.com faster than the real DNS server. So the resolver server will send the wrong address to the requesting client. Because the communication uses UDP, hence the insecurity. So the DNSSec was meant to validate who is a valid server to accept the DNS response from. The example here seems to illustrate a problem between the client and the website. Who gave the client the fake website IP address? Not the bad guy, but the client's own DNS server, which got it from the bad guy when the client DNS server went to look up the IP address. Am I completely confused here?