Any DNS-based solution needs something like DNSSEC to work. I believe DNSSEC didn't exist yet when HTTPS was being developed and even if it did, it wasn't anywhere near ubiquitous enough. Is it even these days?
That's kind of like saying that any CA-based solution needs something like a root program. Sure, but that would just be part of creating a DANE-like solution. Both the current CA solution and DANE or another hypothetical DNS-based solution are fundamentally similar on a technical level: hierarchical delegation of authorization backed by public key crypto. The main difference is where on the delegation chain you limit authority for further delegation and who controls the root. The DNS-based approach has the crypto system reflect real ownership while the CA-based approach has browsers makers at the top and whoever pays enough money and hasn't publicly fucked up yet at the middle with delegated authority to sign literally everything.
That's one way to put it. Another way to put it is that the CA system keeps cryptographic trust managed by organizations that can easily be destroyed if they fail, while DANE's trust is practically irrevocable.
