The DNSSEC specification was released in 2005 to help secure our DNS infrastructure and protect domains from being spoofed by implementing a PKI similar to what is used for SSL Certificates. Fast-forward to now and everyone is using it, right? Wrong. Not only are less than 1% of major websites using DNSSEC, but those that are arguably weaken their security posture by exposing all of their domains to reconnaissance by bad actors. In this talk we will walk through the history of DNSSEC, why its adoption has stalled, weaknesses in the spec and what we can learn to help build better systems to protect our DNS.