SSHFP DNS records are a useful feature which enables one to save SSH fingerprints in DNS, so that you don't have to check them manually. It would be useful if ssh-audit could check for existence of such records, compare them with actual fingerprints if they match and put recommendations to disable DSA and ECDSA records (if they exist) and enable RSA and ED25519 (if they don't exist).

It should also recommend to disable SHA1 type records, if enabled and enable SHA256, if disabled.