 I think what you're saying is that since DNS is distributed, you can get information without needing to make all the calls you'd typically need to:

1. DNS query to IP
2. Call to IP
3. Get certificate
4. Call to CA(s)
5. Etc.

Now you just find the nearest DNS record, check it is signed correctly, and the data is there.

If this isn't it, I will have to tip my hat and admit this went over my head. 🧢