CAA record is a DNS record that shows who can be the Certification Authority for a particular domain and issue certificates.
What is Certificate Authority (CA)?
The CA is the entity that has the right to issue certificates like SSL certificates or TLS certificates. You can easily identify the CA, based on their name and their certificate revocation list (CRL). The Certificate Authority must provide a public key or a certificate from their CA if it is subordinate.
What is the CAA record?
The CAA record (Certification Authority Authorization) is a DNS record that a domain name owner can use to specify the certificate authority which can issue for their domain name. Inside the CAA, the domain owner can adjust the settings that cover the whole domain or just particular subdomains.
If you manage the CAA on a domain level, it will automatically apply on the subdomain level, too, unless you set it inside the record.
The CAA work with both wildcard certificates and single-name certificates. Separate and together too.