Comment by tptacek

No, not as a general rule they aren't. And remember, the DNSSEC record delivery problem isn't an issue for the majority of all browser sessions, just a small minority that are on paths that won't pass DNSSEC records reliably. Since you can't just write those paths off, and you can't really reliably detect them, you end up needing a resolution fallback --- at which point you might as well not be using DANE.

This was a big enough issue that there was a whole standards push to staple DNSSEC records to the TLS handshake (which then fell apart).