"networking error looking up CAA for de"

For a domain like cmp.daskochrezept.de, we do a CAA lookup for cmp.daskochrezept.de first. If that's not found, we then check daskochrezept.de, and finally check de.

There is an overall timeout, so if your DNS server is a little bit slow, large validations can fail. Because de is last, it does mean previous lookups succeeded, but you're hitting timeouts.

The best mitigation, if you can, is to just add CAA records allowing issuance as far down as you can.

The Nov 23 thread was due to a broken DNS implementation, and probably isn’t related.

8 Likes
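The lookup order and the effect of the suggested mitigation, as an added example that is not part of the original post or the CA's own code. It simulates the climb offline: the per-query latency, the overall timeout budget and the `ca.example` issuer are constructed placeholder values, and the lookups are modelled as sequential.

```python
# Added illustration: offline simulation of CAA tree climbing.
# All zone data, latencies and the timeout budget are constructed values.

class CAATimeout(Exception):
    """Raised when the overall lookup budget is exhausted."""

def candidate_names(fqdn):
    """Names checked in order: the FQDN, then each parent up to the TLD."""
    labels = fqdn.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def find_caa(fqdn, zone, latency, budget):
    """Return (owner, records, queried) for the first CAA set found.

    zone    -- dict: name -> list of CAA records
    latency -- dict: name -> simulated seconds the resolver takes
    budget  -- overall timeout in seconds for the whole climb (assumed)
    """
    spent, queried = 0.0, []
    for name in candidate_names(fqdn):
        spent += latency.get(name, 0.0)
        if spent > budget:
            raise CAATimeout(f"networking error looking up CAA for {name}")
        queried.append(name)
        if zone.get(name):
            return name, zone[name], queried  # stop climbing at first hit
    return None, [], queried  # no CAA record set at any level

HOST = "cmp.daskochrezept.de"
SLOW = {n: 2.0 for n in candidate_names(HOST)}  # constructed: 2 s per query
BUDGET = 5.0                                     # constructed overall timeout
NO_CAA = {}                                      # no CAA at any level
LEAF_CAA = {HOST: ['0 issue "ca.example"']}      # placeholder CA identifier

def demo():
    """Run the climb without CAA records, then with one on the leaf name."""
    try:
        find_caa(HOST, NO_CAA, SLOW, BUDGET)
        before = "ok"
    except CAATimeout as exc:
        before = str(exc)
    return before, find_caa(HOST, LEAF_CAA, SLOW, BUDGET)

if __name__ == "__main__":
    print(demo())
```

With no CAA records the third query (for `de`) pushes the climb past the budget; with a record on the leaf name the climb ends after a single query.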