This was already discussed here: Attack on domain verification with BGP hijacking
I mean at least the attack in general. About the DNS method here my opinion: If you access the records from various points this can of course increase the change that everything is correct there, but it's still problematic that it's just not signed. (Except you're using DNSSEC)
So I think the much better method is the 'Domain Validation with Server Name Indication' as this is the one which really works with the private key and a special (temporary) server configuration as far as I understand it.
And I think that's also the method which is described at https://letsencrypt.org/howitworks/technology/ where it says:
Along with the challenges, the Let’s Encrypt CA also provides a nonce that the agent must sign with its private key pair to prove that it controls the key pair.