This paper contains factual mistakes and will be edited soon
Hey, its great to see more excitement around the best ways to relay DNS on chain! We agree it is a key piece of critical infrastructure for much of the web2 to web3 verification.
However, your proposal seems to rely on this statement: “The party using the certificates (usually just the server, but the client can use them too) also signs its messages with the key whose public key is set in the certificate.”, but i dont see any such signatures mentioned in RFC 7858 (RFC 7858 - Specification for DNS over Transport Layer Security (TLS)). Can you provide information on where you found this information? Without this signature, this protocol is no better than trusting a notary to relay the TLS result, as TLS by default is unsigned.
Edit: Unfortunately DNS over TLS is unsigned, as is DNSCrypt.
Most other approaches to DNS verification on chain require either bootstrapping a new network or economic security via global consensus via staking or other protocols/consensus mechanisms.