This article is from the Secure Sockets Layer Discussion List FAQ, by Shannon Appel SAppel@consensus.com with numerous contributions by others.
DNS is not a secure name service, and trying to treat it like one
could be a security hole. The purpose of checking the common name
against the URL is to make sure that at least the user's expectation
of what site the user is visiting is not compromised.