3. A user looks up Site A in the BitDNS record and gains it's IP address AND Hash(KeyA)
I don't know about step 3. That is, I wonder if it's sufficient to simply have A's public key and then get the IP address through other means, making sure it's signed by A's key.
Yes, all than needs to be included in the block chain is Site A's name and a hash of Site A's Public key. Gaining access to the site via their IP address can be done through any method. The point is that it is impossible to 'pretend' to be 'Site A' without having Site A's private key.