So you're excuse is that it's insecure but only to the government and you should be okay with systems insecure to the government? That's a sad state affairs if that's where the security community is.
It's not. The "security community" does not generally support DNSSEC. Most people in the security community don't think about DNSSEC, or DNS security, at all.
DNSSEC is being driven by three forces today:
1. The IETF, which has been working on it for 21+ years and has for the last 10 expressed continuing and increasing frustration that they can't just get the damn thing deployed.
2. The US Government, which is mandating its deployment in some circumstances.
3. CDN services like Cloudflare, who are interested in an Internet where standing up a server presence involves technology so complicated that almost nobody will DIY it. See: what happened with SMTP mail.
The only thing even theoretically secure to a government is another government, and reality almost always falls short of that. That has nothing to do with technology, just politics.
DNSSEC is being driven by three forces today:
1. The IETF, which has been working on it for 21+ years and has for the last 10 expressed continuing and increasing frustration that they can't just get the damn thing deployed.
2. The US Government, which is mandating its deployment in some circumstances.
3. CDN services like Cloudflare, who are interested in an Internet where standing up a server presence involves technology so complicated that almost nobody will DIY it. See: what happened with SMTP mail.