Face it: the current DNS system is somewhat flawed. It is very easy for spammers to obtain buttloads of addresses, while companies are forced to buy new addresses (such as microsoft.xxx) for defensive purposes. In addition, the US government has proved it has the authority to take down addresses at a mere whim.
My proposal: a DNS registration/management system that is independent of any governing body, with no registrar-specific TLD system and a filtering system to weed out spammers.
How the registrar-specific TLD system will work is this: instead of having subdomain.domain.tld (store.microsoft.com), we have domain.subdomain (microsoft.store). This also means you can have no subdomain (microsoft), but a simple method of not mistaking URLs for search terms is needed, like requiring a "." at the end of the domain name (microsoft.). Subpages will still work the same way (microsoft/home/index.html). A registrar can have subdomains (such as microsoft.store or microsoft.help) which the DNS server can point to different IP addresses, and anything else entered as a subdomain (such as microsoft.biz) will automatically redirect to the default domain, where the registrar can choose to redirect using their own DNS (saving on registration costs, but requiring them to run their own DNS server). A registrar can turn around and sell subdomains at a cheap price (e.g. a registrar can obtain "site" and sell off subdomains for cheap, such as site.suddenlypugswebcomics).
As for filtering: the DNS servers will automatically reserve TLDs for verified URLs (such as microsoft.com or google.com), so these companies do not need to fight for their addresses when they register a TLD on this "darknet." Additionally, a filtering mechanism will block someone from automatically registering a domain very similar to an existing one (like microsoftt), with a manual verification process if your domain is legit.
Additionally, the DNS register can also constantly scan domains, flagging domains that contain what appears to be spam and the like, or cases where many domains are nearly identical.
The current DNS server system will work, but there would need to be either a central registrar organization or a method of ensuring that domain conflicts (such as two registrars obtaining the same domain name) don't happen. It may be possible to have middlemen registrars, but it has to be ensured that these middlemen don't obtain domains in advance.