What really needs to happen is a complete redesign of how networking works. Many of the protocols that we currently use were developed in the 1960s and 1970s. In that period, ARPANET, as it was called back then, connected universities and military installations together. Because of the caliber of the users back then, security wasn't a forethought, or an afterthought, for that matter. Fast forward to today, and much of the security that is now in place is patch after patch of bolt-on fixes for newly discovered vulnerabilities. DNS is no different. So we need a redesign of networking protocols which implement security from the start. However, 40+ years of code will have to be scrapped for that to work, which I do not see happening any time soon.