CAA Setup for Let's Encrypt

“0” means the CA may continue to issue the certificate if it does not understand the record. It’s like a non-critical X.509 extension.

“128” means the CA may not issue the certificate if it does not understand the record in question, so this would be like a critical X.509 extension.

That’s not to say that a CA who does not implement CAA at all will be affected in any way. This is just for CAs who already implement CAA in some way.

Let’s Encrypt will also interpret decimal “1” as a critical flag since this is a common misreading of the CAA RFC. Either way, decimal “128” would be the correct choice (and hopefully the one that’s compatible with all CAA implementations).

The iodef record can be used by CAs to report issuance attempts that failed to meet the CAA policy of a site to the site itself (via email or a web service). Let’s Encrypt currently does not support iodef, but you can create the record anyway for other CAs who do support it (note: I’m not sure if any do). As long as the record is marked as non-critical (0), Let’s Encrypt will continue to issue certificates.

The easiest option would probably be to use SSLMate’s CAA Record Generator, which provides the correct format for various DNS implementations.
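As an added illustration (not part of the original post, and not Let's Encrypt's own code), here is a small Python model of how a CAA-aware CA applies the flags described above: it parses CAA records in zone-file presentation format, refuses issuance when a record it does not understand is marked critical, and otherwise checks the `issue`/`issuewild` records for its own domain. The set of tags Let's Encrypt understands (`issue` and `issuewild`, not `iodef`) and the option to treat decimal `1` as critical are assumptions taken from the post; the sample zone is constructed.

```python
from dataclasses import dataclass

CRITICAL_FLAG = 128  # bit 7 of the flags octet: "issuer critical"

# Assumption from the post: Let's Encrypt understands issue/issuewild but not iodef.
LE_TAGS = frozenset({"issue", "issuewild"})


@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str
    value: str

    def is_critical(self, treat_one_as_critical: bool = True) -> bool:
        # Decimal 128 is the critical flag defined by the RFC. The post notes
        # that Let's Encrypt also accepts decimal 1 as a (misread) critical flag.
        if self.flags & CRITICAL_FLAG:
            return True
        return treat_one_as_critical and self.flags == 1


def parse_caa_line(line: str) -> CAARecord:
    """Parse one presentation-format CAA line, e.g.
    'example.com. 3600 IN CAA 128 issue "letsencrypt.org"'."""
    tokens = line.split()
    if "CAA" not in tokens:
        raise ValueError(f"not a CAA record: {line!r}")
    i = tokens.index("CAA")
    flags = int(tokens[i + 1])
    if not 0 <= flags <= 255:
        raise ValueError("CAA flags must fit in one octet")
    tag = tokens[i + 2].lower()            # tags are case-insensitive
    value = " ".join(tokens[i + 3:]).strip().strip('"')
    return CAARecord(flags, tag, value)


def parse_zone(text: str) -> list:
    """Parse every non-empty, non-comment line of a zone snippet as CAA."""
    return [parse_caa_line(l) for l in text.splitlines()
            if l.strip() and not l.strip().startswith(";")]


def evaluate(records, ca_domain, understood_tags, wildcard=False,
             treat_one_as_critical=True):
    """Decide whether the CA identified by ca_domain may issue.
    Returns (allowed, reason)."""
    # Step 1: any record the CA does not understand that is flagged critical
    # blocks issuance outright (the "critical X.509 extension" analogy).
    for r in records:
        if r.tag not in understood_tags and r.is_critical(treat_one_as_critical):
            return False, f"critical record with unknown tag {r.tag!r}"

    # Step 2: pick the relevant authorization records. For wildcard names,
    # issuewild takes precedence; if absent, fall back to issue.
    relevant = [r for r in records if r.tag == "issuewild"] if wildcard else []
    if not relevant:
        relevant = [r for r in records if r.tag == "issue"]
    if not relevant:
        return True, "no issue records present: any CA may issue"

    # Step 3: the CA's domain must appear before any ';' parameters.
    for r in relevant:
        if r.value.split(";")[0].strip().lower() == ca_domain.lower():
            return True, f"authorized by {r.tag} {r.value!r}"
    return False, "no issue record authorizes this CA"


# Constructed sample zone: non-critical iodef, critical issue for Let's Encrypt.
SAMPLE_ZONE = """
example.com. 3600 IN CAA 128 issue "letsencrypt.org"
example.com. 3600 IN CAA 0 iodef "mailto:security@example.com"
"""

if __name__ == "__main__":
    for line in ('128 iodef "mailto:security@example.com"',
                 '1 iodef "mailto:security@example.com"'):
        recs = parse_zone(f"example.com. IN CAA {line}")
        print(line, "->", evaluate(recs, "letsencrypt.org", LE_TAGS))
    print(evaluate(parse_zone(SAMPLE_ZONE), "letsencrypt.org", LE_TAGS))
```

Running the block shows the point of the post: the same `iodef` record is harmless to Let's Encrypt with flag `0`, but blocks issuance with `128` (or `1`, under Let's Encrypt's lenient reading), because the CA does not understand the tag and is told the record is critical.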