The CAA record
The CAA (certification authority authorisation) record is used to limit the Certificate Authorities that are allowed to generate certificates for a given domain.
Here, we query for
CAA records of the domain
The result is a record with the tag
"issue", the certificate authority
"some.certificate.authority", and the critical flag not set.
$ dog CAA caa-example.lookup.dog CAA caa-example.lookup.dog. 1h00m00s "issue" "some.certificate.authority" (non-critical)