
Have you checked the list of root certificates your browser accepts as good?

Do it and tell me you trust websites which have a green lock next to the URL.



Yes, the trust model for TLS is broken and the handful of attempts made to fix it (Moxie's "Convergence" project from 2011[1], for instance) haven't borne fruit.

However, in a security context "takes some effort" is far better than "takes no effort".

If CAA records (with DNSSEC) were used to reject certificates from the wrong issuer, we might even be able to get to "though very imperfect, takes a considerable amount of effort".

DANE is supposed to be the solution to this problem but it's absolutely awful to use and will lead to even more fragile infrastructure than we currently have with TLS certs (and also ultimately depends on DNSSEC). HPKP was the non-DNS solution but it was removed because it suffered from an even worse form of fragility that could lock out domains for years.

[1]: https://en.m.wikipedia.org/wiki/Convergence_(SSL)
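The CAA check the comment above describes, as an added example that is not part of the thread: a small Python evaluator of RFC 8659 CAA policy (the "issue" / "issuewild" properties and the critical flag) run against an in-memory zone that stands in for DNSSEC-validated lookups. The `ZONE` contents, the `example.com` names and the issuer domains are constructed for illustration.

```python
"""Evaluate CAA records against a would-be certificate issuer (RFC 8659 semantics).

The in-memory ZONE below is a constructed stand-in for DNS; in practice the
records must come from DNSSEC-validated answers, otherwise a spoofed reply can
simply claim "no CAA here". This block only shows the policy evaluation.
"""
from typing import Dict, List, Tuple

CAARecord = Tuple[int, str, str]  # (flags, tag, value)

# Constructed sample zone: owner name -> CAA RRset.
ZONE: Dict[str, List[CAARecord]] = {
    "example.com.": [(0, "issue", "letsencrypt.org"),
                     (0, "issuewild", ";")],        # ";" = no wildcard certs at all
    "locked.example.com.": [(128, "issue", ";")],  # critical flag, nobody may issue
}

def lookup_caa(name: str) -> List[CAARecord]:
    return ZONE.get(name, [])

def relevant_caa(name: str) -> List[CAARecord]:
    """Climb toward the root; the first owner name with CAA records governs."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = lookup_caa(".".join(labels[i:]) + ".")
        if rrset:
            return rrset
    return []

def issuer_domain(value: str) -> str:
    """'letsencrypt.org; accounturi=...' -> 'letsencrypt.org'; ';' alone -> ''."""
    return value.split(";", 1)[0].strip().lower()

def issuance_allowed(fqdn: str, issuer: str) -> bool:
    """True if `issuer` (a CA's CAA identifier) may issue a cert for `fqdn`."""
    wildcard = fqdn.startswith("*.")
    rrset = relevant_caa(fqdn[2:] if wildcard else fqdn)
    if not rrset:
        return True  # no CAA anywhere up the tree: issuance is unrestricted
    for flags, tag, _ in rrset:
        if flags & 128 and tag.lower() not in ("issue", "issuewild", "iodef"):
            return False  # unrecognised property marked critical: must not issue
    issue = [v for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    # Wildcard requests consult issuewild when present, otherwise fall back to issue.
    props = issuewild if (wildcard and issuewild) else issue
    if not props:
        return True  # CAA present but no applicable property: unrestricted
    allowed = {issuer_domain(v) for v in props}
    allowed.discard("")  # a bare ";" authorises no issuer
    return issuer.lower() in allowed
```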



