I'm sorry I didn't make that more clearer - that was a hypothetical question. The question is a loaded question and it raises other deeper rooted issues like what you pointed out (MITM attacks against DNS being one such example).
There would have to be some sort of authoritative list where it says "this CA cert can sign certificates only for this domain". However, such a system I described would basically be CAs as they currently stand. The question/problem is who would maintain such a list? This is hard question considering we can't even agree on web standards coughMicrosoftcough.
Is that any worse than what we have now? If I can hijack your DNS, I can certainly insert or replace enough infrastructure to acquire a basic cert from numerous providers. All I really need is to hijack the MX. Bonus points if I can do it without you knowing, such that mail is first delivered to me and then on to you.
In other words, if you could put a CA into a TXT record at the root of the domain and have browsers/etc trust it, how is it any less secure than what we have now?
There would have to be some sort of authoritative list where it says "this CA cert can sign certificates only for this domain". However, such a system I described would basically be CAs as they currently stand. The question/problem is who would maintain such a list? This is hard question considering we can't even agree on web standards coughMicrosoftcough.