Certification Authority Authorisation (CAA)
Certification Authority Authorisation (CAA) allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorised to issue certificates for that domain. This way a public Certification Authority can implement addition controls to reduce the risk of unintended certificate mis-issue. Earlier this year a ballot passed to make CAA checking mandatory. Which means that a CA will check the authorisation before issue-ing a certificate.
This article also describes how it works and how to configure this for your domain.