Well, while a CAA record is optional, if it doesn't exist then I expect that the DNS server needs to return NOERROR (indicating that the name exists, with zero CAA records) rather than NXDOMAIN (which indicates there really is nothing there).
Can you give more details on your DNS setup? I see NXDOMAIN for dfx-e645y8-master0.dfx-e645.js7g-3szl.dev.cldr.work when querying for A, AAAA, or CAA. Is this name supposed to be resolvable?