The link you posted doesn't even aim for replacing DNS, by the abstract and landing page it seems to be an experimental setup to replace the root zone which has been signed for nearly 10 years now. DNSSEC is a thing.
Don't really see what's hand-wavy about your parent comment tbh, the link you posted doesn't seem to address common scenarios like 51% attacks or even why our current system is flawed. The only tangible thing I can find in there is that they don't like trusting verisign - which is fine but really a weird narrative to demonstrate why the world needs that particular implementation.
It isn't hand-wavy. However, it is problematic when people propose solutions to fundamental design issues, without knowing the threat model.
In the link that was posted, a pollution of a distributed root zone will vitiate the entire Internet's DNS. That is the vulnerability, and there are many attacks that will achieve that for the link that was posted.
Don't really see what's hand-wavy about your parent comment tbh, the link you posted doesn't seem to address common scenarios like 51% attacks or even why our current system is flawed. The only tangible thing I can find in there is that they don't like trusting verisign - which is fine but really a weird narrative to demonstrate why the world needs that particular implementation.