We're on the road to DNSSEC
"It's no surprise, though: another key measure to secure the DNS, DNSSec, was first written in 1997 and after nearly 20 years has gone nearly nowhere."
The #1 Registrar in New Zealand, 1stDomains, doesn't offer DNSSEC capability. That is despite their claim to offer "the most advanced domain name management tools available"
When asked (last month) when they would get with the program, the answer was "Unfortunately, we do not have any plans to provide support for DNSSEC at present. Again, we apologise for any inconvenience this may cause for you."
So that's the kind of stupidity we're up against.
Perhaps if TLD Registries offered a small registration rebate on each domain that had DNSSEC enabled, things might change?