DNS is not (yet) generally secured. An attacker who e.g. controls a wifi AP can just substituted their own DNS responses and redirect users to their own addresses, and their servers have valid certificates for the domains that they're supposed to be, so from the user side everything looks fine.