Requirement for CAA-record in parent zone

They're permitted to. They're also permitted not to, which is the more secure, simple and standards encouraging design.

Currently the validator has no information about why a query failed, if DNSSEC is in use, or how many times it was retried. Guaranteeing BR compliance while loosening requirements on compliant and functional DNS may require non-trivial architectural changes on Let's Encrypt's part.

You should fix your DNS anyway.

(Well, until September they can do anything.)