DNSSEC and DNSCurve solve two different (though overlapping) problems. DNSSEC is about end-to-end authentication and validation: It strives to ensure that the data you received is the data the actual owner of a name server intended to send, unaltered by anyone along the way. DNSCurve is about ensuring a trustworthy connection between the authoritative name server and the resolver (and incidentally about encrypting queries, which is nice), but it doesn't do a thing to keep the resolver from lying to you. Man in the middle is a problem with DNS, as anyone who stays in hotels frequently can attest.
As for set-it-and-forget-it, if you use BIND 9.7 (on which, full disclosure, I was the lead engineer), it comes pretty close. If you don't roll keys, it can maintain itself forever, and you can roll ZSK's with a cron job. Rolling KSK's still requires operator intervention in most cases. (But rolling keys is optional; people with higher security needs will want to do it often, but low-value targets can get away with doing it infrequently or never.)