Reply to post: DNSSEC is a pain in the butt.

Dutch name authority: DNSSEC validation errors can be eliminated

sequester

DNSSEC is a pain in the butt.

Too many half-baked standards, lots of concessions to legacy low-performance systems (KSK/ZSK dichotomy for example, or reliance on outdated crypto standards), stupid set-up requirements and performance at different registries (the Irish all but require you to fax in key material, if you're dealing with the Danish it may be impossible or at least hard for your registrar to automate processes, and generally you will have a lot of manual work to be done and paid for somewhere), and it's generally high-maintenance for the zone maintainer. You need to somehow set up and maintain a rollover mechanism, cater to all the above idiocy for every single registry you're dealing with, and then stupid ISPs will still randomly break name resolution so your company will randomly be unreachable in most of a country if it's the ex-state-telecom monopoly deciding to be the one.

It's just pain from start to finish, for little to no gain.

It's a bit like modern Web "standards": they're fine if you're a stereotypical tech hipster doing your little dysfunctional demo page, but once you need to do some work and generate revenue, you start to realise that all the specifications are more like rough guidelines that nobody follows and you are dealing with a deluge of fragmented little ecosystems, and if you can you just skip over the mess.
