Their are basically 2 types of certificates. Domain-validated and Extended Validation (EV for short, the 'green addressbar' in most modern browsers).
The most 'sold' certificates at this point are domain-validated or similair. Which just says: the person or organisation that send us the request for signing also 'controls' the domain. They check the whois and some other things if you are lucky.
With EV they check those mentioned before but also if it is a real organisation, financially viable and whatever they do for paypal.com and your bank. Don't be surprised if it takes months to get one.
DNSSEC/DANE can never do what they do with the EV-certs, just the domain-validated.
The green-bar helps to prevent problems with a scammer at www.pay-pal.com to impersonate as www.paypal.com
Users should look out of the greenbar before they use the site.
So only the second type remains, as it was initially implemented.
For backwardscompatibility we'll have to use the CA's for domainvalidated for years to come anyway.