I don't think DNSSEC is an improvement. I think that when you take a fragile and problematic security model, reimplement it from the bottom up in a setting that's even more restrictive than HTTPS, bake the result into the core of the Internet (or rather, the fraction of the core of the Internet that knows how to be a full-fledged DNS server), cause untold disruption the network as a whole and incur tens of millions of dollars in administrative overhead that could have gone to other security objectives, you are very likely looking at a measure that maybe just maybe might be a tiny step backwards.