somat 19 hours ago

On the subject of "Things that should be in DNS": the public suffix list. Why on earth is data describing DNS trust boundaries not in the DNS? It's bizarre.

https://publicsuffix.org/

So here is my RFC to correct this deficit.

No public suffix records: suffixes are considered private; trust them like you trust this domain. (I would like to invert this to suffixes default public and you mark them private, but that conflicts with current practice.)

TXT record 'v=PS1': suffixes under domain are considered public; treat as a trust boundary.

TXT record 'v=PS2 domain-fragment domain-fragment ...': suffixes under domain are considered public except for listed subdomains; those are private and under our control.

And then let the IETF fight for a few years on why this does not work and how we need a huge recursive mess (cough SPF).
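One way a client could evaluate the records proposed in the comment above, as an added example that is not part of the original post. It is one interpretation of the proposal: each `domain-fragment` is assumed to be a single label, the `ZONE` dict stands in for live TXT lookups, and the function names and `.example` records are constructed for illustration.

```python
# Added illustration: one interpretation of the proposed v=PS1 / v=PS2 records.
# ZONE replaces real TXT lookups; all names and records are constructed.
ZONE = {
    "example": ["v=PS1"],
    "hosting.example": ["v=spf1 -all", "v=PS2 www status"],
}

def ps_policy(name, zone):
    """Return None when the name has no PS record (children are private),
    otherwise the set of child labels that stay private (empty for v=PS1)."""
    for txt in zone.get(name, []):
        fields = txt.split()
        if not fields:
            continue
        if fields[0] == "v=PS1":
            return frozenset()
        if fields[0] == "v=PS2":
            return frozenset(f.lower().rstrip(".") for f in fields[1:])
    return None  # unrelated TXT records (SPF etc.) are ignored

def trust_root(host, zone=ZONE):
    """Walk from the TLD towards the host and return the name whose owner
    the host shares trust with (assumed analogue of a registrable domain)."""
    labels = host.lower().rstrip(".").split(".")
    current = labels[-1]
    for child in reversed(labels[:-1]):
        private = ps_policy(current, zone)
        if private is None or child in private:
            return current                 # child is under current's control
        current = child + "." + current    # public child: boundary crossed
    return current

def same_site(a, b, zone=ZONE):
    """True when both hosts fall inside the same trust boundary."""
    return trust_root(a, zone) == trust_root(b, zone)
```

Because the proposal defaults to private, a name under a TLD that publishes no PS record collapses to the TLD itself, which is the consequence of the default the comment says it would prefer to invert.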

synotna 8 hours ago

For DMARC purposes it is moving to DNS: with DMARCbis, the psd tag and tree walk will replace hoping everybody uses the same file and keeps it up to date.