CAA Records

Put simply Certification Authority Authorization or CAA is a speical type of DNS records that allows you to inform a certification authority if they are allowed to issue certificates for a domain (or subdomain).

The standard is not that common at the moment but is begenning to get traction. The CA forum has mandated it as Qualys Reported

In this example is allowed to have certificates issued by either Comodo or lets encrypt. Any violations are reported to hositng e-mail address. The 128 means it is critical failure.    3600    IN      CAA     128 iodef ""    3600    IN      CAA     128 issue ""    3600    IN      CAA     128 issue ""    3600    IN      CAA     128 issuewild ";"

The DNS CAA records can be confirmed with ssllabs test
image of SSL Labs Test

You can generate your own using this great opensource tool from SSL Mate