There are people who store historical DNS records for forensic and validation purposes. And any CA worth its salt that does DV will be doing the same for any domain they're issuing certs for, at a minimum.
Point is, people will be able to figure out that you're lying if you attempt to claim that the cert was issued incorrectly.
Ah, quite interesting, thanks for that. On one hand, sounds good that the obvious loophole is not wide open, on the other, it smells a bit like self regulation. I guess the next frontier is getting one of these historical DNS records made readily available alongside the CT logs.
Point is, people will be able to figure out that you're lying if you attempt to claim that the cert was issued incorrectly.