Hacker News
by xythian 2148 days ago
I'd love to know why some of the major companies of the internet aren't using DNSSEC.

Google, Amazon, Facebook, Twitter, Microsoft, Netflix, etc. don't have DNSSEC enabled for their domains.

Is it as simple as they're just concerned about the occasional DNS request failing due to DNSSEC issues and thus reducing precious traffic?

1 comments

The reliability hit is almost certainly the major reason, followed by the administrative hassle (you might be as surprised as I was, after joining Fly and writing about our certificate infrastructure, what a giant hassle TLS certificate management is to bigger companies --- and that's just TLS, which is simpler to manage than DNSSEC).

But against that you have to pit the marginal --- practically nonexistent --- security benefit you'd get from all the work you'd put in.

Everyone has more important things to do.