I have DNS CAA configured at the subdomain level, and it tests correctly when I use the DNS Spy: CAA record validator.
However, when I test through SSL Server Test (Powered by Qualys SSL Labs) it shows:
|DNS CAA||No (more info)|
My understanding is that CAA can be configured at subdomain or domain level, subdomain taking precedence over domain where both are configured, so my configuration should produce a 'Yes' on SSL Labs.
I can only assume the CAA checker on SSL Labs only checks at the domain level, not the subdomain? For both tests I use the same URL.