When I enable DNSSEC, some sites fail to resolve. I contacted staff on one of them asking to check what was up, and confirmed that DNSSEC was enabled and working on their end, but was given this info about Cloudflare sites and advised to let you guys know:
ECDSA is not without its trade-offs. According to Roland van Rijswijk-Deij et al., only 80% of resolvers support ECDSA validation. This number is growing, but it means that if we switched the entire DNSSEC Internet onto ECDSA right now, DNSSEC validation would fail for millions of Internet users every day and fall back to returning unverified DNS records.
Furthermore, while ECDSA signature creation is faster than RSA, signature validation is actually much slower. Roland van Rijswijk-Deij et al. showed that, even with the ECDSA optimizations that we contributed to OpenSSL, ECDSA is still 6.6 times slower than 1024-bit RSA (which is the most common algorithm used for zone-signing keys). This is a serious problem, because overloading DNS resolvers could potentially slow down the entire Internet.
EDIT - I'm told that we can't access some websites because they're using algorithm 13 (ECDSA). Websites like Pingdom will give you a non-working result, whereas websites such as DNSViz will give you a working result.