I am not sure that is true. CAA queries are done in parallel. See: Problems with CAA records only with Google and Let's Encrypt - #14 by aarongable
It is not clear to me whether an error closer to the TLD would be reported if there was a valid CAA record closer to the domain name. I am not proficient in Boulder 
@lucacasonato What is your failure rate for that domain? Are we talking like 50% or 1%?