Having a CAA record and pointing to a CA like Let's Encrypt that uses domain validation from multiple vantage points on the Internet is a useful idea and raises the bar for an adversary.
I should point out that BGP attacks can also target the CAA records themselves since the DNS ecosystem is itself insecure. This is why such attacks are not easy to defend against, and require holistic improvements across internet routing, PKI, and web security practices.....
Indeed, a number of internet services and applications are vulnerable to BGP hijacking and interception attacks, including TLS/digital certificates, anonymity systems such as Tor, and cryptocurrencies such as Bitcoin.
I should point out that BGP attacks can also target the CAA records themselves since the DNS ecosystem is itself insecure. This is why such attacks are not easy to defend against, and require holistic improvements across internet routing, PKI, and web security practices.....