Certification Authority Authorization (CAA) records have become more relevant in the last couple of years because in 2017 the CA/Browser Forum voted to make CAA mandatory for all Certificate Authorities.
What this means that domains will need to assert via DNS records (the CAA DNS RType) which CA’s are permitted to issue certificates for your domains.
Think of it as “sort of like SPF, but for SSL/TLS certs”.
The CAA RRType is supported by all DNS service levels.
