What you're talking about is being introduced alongside DNSSEC, and it's called DANE.
https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Na...