Thanks for the congratulation for the site, the points are going the other two members of the team. They developed the site, the app and the underlying API.
The DKIF public key is stored as a TXT record in the DNS. As an example, here is the public key pair of the key that we use for signing at https://lumenbox.org:
$ dig +short -t txt federation._stellardomainkey.lumenbox.org
Your question about DNS server mentions a very important point. Although, DKIF is a significant and very important step towards a secure Stellar Federation protocol (as signing the federation record reduces the attack surface with the federation and the web server), it is not an all-in-one solution which mitigates all the possible attack vectors alone. It is very important to understand that securing the underlying protocols and infrastructure are still required!
Taking over the DNS request/response is a very powerful attack and an attacker has many different possibilities/places to do so. It is extremely difficult to properly protect the name resolution against these.
In case an attacker is able to take over the DNS server which serves your records (or your account at the registrar who registered your domain ) then basically he owns your domain. He can simply resolve the records of the domain to his own IP and start to serve the federation responses from his own federation server (some ISP may cache the DNS records so it may take few hours until all the federation requests will be directed to his server) after he got a TLS cert to your domain from one of the automated cert providers which use Domain Validation.
There are some ways to try to prevent this (DNNSEC is probably the best and could delay the real problem a bit but unfortunately apart from other weaknesses, the client resolver must support it otherwise it is useless and it is often not the case!).
These are serious risks but it is more likely that the attacker take over the client itself (like has a software on your PC on which you use your wallet) and just simply get your Stellar Secure Seed when you log in to your wallet or sign a transaction
So, all in all, there is no bulletproof solution out there but we should try to improve the security posture with solutions which does not "cost too much".