Yes I think we should have an event kind that allows somebody to cryptographically bind an IP address and port (SocketAddr) to a relay's keypair.  But we would need:

1) Relays to have keypairs
2) Nostr to reference relays by keypair instead of by url
3) A means of distributing the binding event (because of the chicken-and-egg problem) maybe just blast them, or maybe a DHT.

It's a great idea for nostr2, so nostr2 won't be dependent on DNS and shoudn't need to be dependent on SSL certificates issued by CAs that nobody really trusts anyways.