You still have a CA, you've just decided that the CA needs to be the same people who run DNS, because ... well no good reason that I can think of. What does that gain you?
First, this is for Domain Validation certificates only. The normal CA process would still apply if you wanted an EV certificate—though you could restrict your domain to a specific EV certificate for additional security.
If someone has control over your domain records they can already obtain a DV certificate for your domain from just about any CA by redirecting the domain to their own servers. What DANE buys you is all the security you would get with Domain Validation minus the need to deal with two different CAs, one for DNSSEC and another for TLS.
As a bonus, with DANE records for a site "example.com." there are only three entities you need to trust: the domain administrator for "example.com.", the registrar for "com.", and the root authority. In the traditional CA system any CA can issue a certificate for any domain, so you're forced to trust dozens (if not hundreds) of CAs both to maintain the security of their signing keys and to refrain from issuing an unauthorized certificate for your domain. A breach at any one of those CAs can compromise the security of your site.
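How a client matches a presented certificate against a DANE (TLSA) record, as an added example that is not part of the comment above. Field meanings follow RFC 6698; the function names are hypothetical, and the certificate and key bytes are constructed stand-ins rather than real DER.

```python
import hashlib
import hmac

# TLSA certificate usages (RFC 6698). 0 and 1 constrain the normal CA path
# (e.g. pinning one CA-issued certificate); 2 and 3 rely on DNSSEC alone.
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}

def parse_tlsa(rdata):
    """Parse presentation-format rdata: 'usage selector mtype hexdata'."""
    usage, selector, mtype, *hexparts = rdata.split()
    usage, selector, mtype = int(usage), int(selector), int(mtype)
    if usage not in USAGES or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported TLSA parameters")
    return usage, selector, mtype, bytes.fromhex("".join(hexparts))

def tlsa_matches(rdata, cert_der, spki_der):
    """True if the certificate the usage field refers to matches the record.

    The caller must already have DNSSEC-validated the TLSA answer; an
    unsigned or bogus answer must never reach this function.
    """
    _usage, selector, mtype, data = parse_tlsa(rdata)
    selected = cert_der if selector == 0 else spki_der      # full cert or public key
    candidate = selected if mtype == 0 else DIGESTS[mtype](selected).digest()
    return hmac.compare_digest(candidate, data)

def needs_pkix_chain(rdata):
    """Usages 0 and 1 still require ordinary CA path validation as well."""
    return parse_tlsa(rdata)[0] in (0, 1)

def make_record(usage, selector, mtype, selected):
    """Build the rdata a domain administrator would publish (helper for the demo)."""
    data = selected if mtype == 0 else DIGESTS[mtype](selected).digest()
    return f"{usage} {selector} {mtype} {data.hex()}"

# Constructed stand-ins for DER encodings; a real client takes these from the
# TLS handshake.
CERT_DER = b"constructed-certificate-der"
SPKI_DER = b"constructed-subject-public-key-info"
OTHER_SPKI = b"constructed-key-from-an-unauthorized-certificate"

if __name__ == "__main__":
    dane_ee = make_record(3, 1, 1, SPKI_DER)     # DANE-EE, SPKI, SHA-256
    pinned = make_record(1, 0, 1, CERT_DER)      # PKIX-EE, full cert, SHA-256
    print(tlsa_matches(dane_ee, CERT_DER, SPKI_DER), needs_pkix_chain(dane_ee))
    print(tlsa_matches(dane_ee, CERT_DER, OTHER_SPKI))
    print(tlsa_matches(pinned, CERT_DER, SPKI_DER), needs_pkix_chain(pinned))
```

A certificate issued by any CA for a different key fails the `3 1 1` match, while the `1 0 1` record corresponds to restricting the domain to one specific CA-issued certificate.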