And in fact work on the standards to make this happen is already done, as RFC 6698 - DANE, DNS Authentication of Named Entities for SSL / TLS protected services like HTTPS or IMAPS
For SSH it not only exists, as the SSHFP record but the software to support it is widely deployed (modern OpenSSH), if your organisation has DNSSEC signed DNS records and a vaguely modern resolver on machines that run SSH clients then you can put the public key signatures into DNS and throw away all those known_hosts files that are such a pain to maintain and distribute on big networks.
Actually getting DANE supported is a problem. Mozilla has sat on a Firefox patch for about a year, Internet Explorer would probably only introduce support if it became a Must Have for some reason. The bigger the dinosaur the more tempting it is to preserve the status quo, no matter how miserable that is for users.