CAA records let you specify which CAs you want to authorize to issue certificates for the given domain.
This is not perfect: CNAMEs get messy quickly, and you actually have to have your act together and know which domains are used where and how, e.g., with respect to third-parties you CNAME or delegate to.
But alright, as so often, it is what it is. Still better than allowing Honest Ahmed and his uncles and cousins to issue certs for your domains.
Let's take a look at how widely used CAA records actually are.