The advantage of key continuity (the better term than "TOFU") over top-down PKI is that key continuity works at scale, and PKI does not. As you note: key continuity schemes admit to straightforward enhancements, like preload registries, that PKIs don't.
I don't really want to go too far down this rabbit hole, but if a lawyer firm came to us for advice and told us they run their own mail server "for security reasons", we would tell them for security reasons to stop doing that.
Yes, people will continue advocating for and noodling around with DNSSEC, the same way they do with PGP key servers and custom cipher cascades. But that's not the test for whether a technology is successful --- at least not these kinds of technologies. It is looking less and less likely --- I'd say we're past the event horizon now --- that DNSSEC will ever be a mainstream component of the Internet security model.
We have had a similar protocol for TOFU on the web for a very long time called HTTP Public Key Pinning, and it did nothing to deprecate PKI. It is a bit telling that google actually removed HTTP Public Key Pinning in 2017 from chrome.
I can't speculate if DNSSEC can continue grow or will fall in use in some unspecified future, but I suspect that a TOFU version of key pinning for email server won't be the death knell. If it work it is because the wast majority of email traffic is located in basically a handful of companies, which is why the wast majority of domain owners won't notice a difference. I would assume Microsoft already pins the certificate of Google servers and vice verse.
I'm not saying that global key continuity schemes always work, only that they have worked (SSH is the best-known example), where global PKI schemes have never once worked.
Late edit:
But note: Google didn't follow up the deprecation of HPKP by promoting DANE. Rather: CT is working, and given that, HPKP wasn't worth the hassle. CT doesn't depend on DNSSEC either!
I don't really want to go too far down this rabbit hole, but if a lawyer firm came to us for advice and told us they run their own mail server "for security reasons", we would tell them for security reasons to stop doing that.
Yes, people will continue advocating for and noodling around with DNSSEC, the same way they do with PGP key servers and custom cipher cascades. But that's not the test for whether a technology is successful --- at least not these kinds of technologies. It is looking less and less likely --- I'd say we're past the event horizon now --- that DNSSEC will ever be a mainstream component of the Internet security model.