[tptacek]

The reliability hit is almost certainly the major reason, followed by the administrative hassle (you might be as surprised as I was, after joining Fly and writing about our certificate infrastructure, what a giant hassle TLS certificate management is to bigger companies --- and that's just TLS, which is simpler to manage than DNSSEC).

But against that you have to pit the marginal --- practically nonexistent --- security benefit you'd get from all the work you'd put in.

Everyone has more important things to do.