Hacker News

trumpdong, yesterday at 1:00 AM (1 reply)

CT seems useless for DANE because the cert is self-signed, so anyone can just flood the CT with self-signed certs for your website. It's useful with WebPKI because only certs signed by a CA go in CT and it's a big deal if one is mis-issued. Anyone can mis-issue a self-signed cert at home for fun.


Replies

toast0, yesterday at 3:42 AM

You'd have to do something like pre-publish in DNS, submit to CT, which verifies that it's in DNS before logging. And the CT could rate limit on domain name or something to reduce abuse.
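One way the gating toast0 sketches could work, written out as an added Python illustration that is not part of the thread and not anyone's production code: the log computes the SHA-256 of the submitted certificate, refuses it unless a DANE-EE TLSA record for the domain already commits to that exact hash, and only then spends the domain's per-window budget. `CERTS` and `MOCK_DNS` are constructed stand-ins (arbitrary bytes, not real X.509 data); a real log would do a DNSSEC-validated TLSA lookup instead of reading a dictionary.

```python
"""Toy CT-style log for DANE: accept a self-signed certificate only once a
TLSA record for the domain already commits to it, then rate-limit per domain.
Added illustration; the DNS resolver is a constructed in-memory mock."""
import hashlib
import time
from collections import defaultdict, deque


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
CERTS = {
    "current": b"constructed DER bytes: example.com cert #1",
    "next":    b"constructed DER bytes: example.com cert #2",
    "spare":   b"constructed DER bytes: example.com cert #3",
    "rogue":   b"constructed DER bytes: self-signed by someone else",
}

# Constructed mock DNS: TLSA owner name -> list of RFC 6698 tuples
# (usage, selector, matching_type, hex association data). The "rogue" cert is
# absent, as any cert made by someone who does not control the zone would be.
MOCK_DNS = {
    "_443._tcp.example.com": [
        (3, 0, 1, sha256_hex(CERTS["current"])),
        (3, 0, 1, sha256_hex(CERTS["next"])),
        (3, 0, 1, sha256_hex(CERTS["spare"])),
    ],
}


def tlsa_name(domain: str, port: int = 443, proto: str = "tcp") -> str:
    return f"_{port}._{proto}.{domain}"


def cert_in_dns(domain: str, cert_der: bytes, resolver=MOCK_DNS) -> bool:
    """True iff a DANE-EE (usage 3), full-certificate (selector 0), SHA-256
    (matching type 1) TLSA record for the domain matches this exact cert."""
    digest = sha256_hex(cert_der)
    return any(
        usage == 3 and selector == 0 and mtype == 1 and data == digest
        for usage, selector, mtype, data in resolver.get(tlsa_name(domain), [])
    )


class GatedLog:
    def __init__(self, max_per_window=5, window_seconds=3600,
                 resolver=MOCK_DNS, clock=time.time):
        self.max_per_window = max_per_window
        self.window = window_seconds
        self.resolver = resolver
        self.clock = clock                      # injectable so the window can be tested
        self.entries = []                       # (domain, digest, timestamp)
        self.index = {}                         # (domain, digest) -> entry position
        self.accepted_at = defaultdict(deque)   # domain -> timestamps of accepted entries

    def submit(self, domain: str, cert_der: bytes):
        """Return ("accepted", entry_index) or ("rejected", reason)."""
        digest = sha256_hex(cert_der)
        key = (domain, digest)
        if key in self.index:                   # resubmitting a logged cert does not grow the log
            return ("accepted", self.index[key])
        if not cert_in_dns(domain, cert_der, self.resolver):
            return ("rejected", "not-in-dns")   # the zone owner never committed to this cert
        now = self.clock()
        q = self.accepted_at[domain]
        while q and q[0] <= now - self.window:  # forget accepted entries outside the window
            q.popleft()
        if len(q) >= self.max_per_window:
            return ("rejected", "rate-limited")
        q.append(now)
        self.index[key] = len(self.entries)
        self.entries.append((domain, digest, now))
        return ("accepted", self.index[key])


def demo():
    """Run the flood scenario from the thread against the gated log."""
    log = GatedLog(max_per_window=2)
    return [
        log.submit("example.com", CERTS["rogue"]),     # outsider's self-signed cert
        log.submit("example.com", CERTS["current"]),   # owner's published cert
        log.submit("example.com", CERTS["current"]),   # duplicate: same entry
        log.submit("example.com", CERTS["next"]),      # second published cert
        log.submit("example.com", CERTS["spare"]),     # over budget this window
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The DNS check runs before the budget is touched, so an outsider's flood is rejected without consuming the owner's quota; the per-domain limit then only bounds how fast the zone owner can rotate certificates. DNSSEC validation of the TLSA answer is assumed and not modeled; without it the "is it in DNS" gate is only as strong as the resolver path.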