So when organizations hire people that do not understand the DNS or PKC to maintain their DNS then it is the organization's fault (rather than the person who made the change). I accept that and agree.
But if a bunch of large, well-staffed, engineering-focused, otherwise competent organizations manage to fuck it up regularly, the problem's probably above the individual organizations. Potentially with the spec itself.
I've seen far more failed certificate renewal failures than DNSSEC failures from the same teams you appear to be suggesting are perfect and the standard is flawed.
The consequences of a failed certificate renewal are much smaller than the consequences of a DNSSEC failure: if you screw up DNSSEC, your site falls off the Internet, as if it never existed.