It's not like anyone is actually monitoring it or would notice.

I know for a fact there are a lot of broken deployments out there, have been for a decade if not more, nobody really gives a rats ass.

From a technical perspective, lack of DNSSEC transparency is also a major downside of DNSSEC compared to WebPKI.