Why SANs are limited to 100 domains only

You joke, but this is indeed another reason we limit the number of SANs per certificate: we've seen authoritative DNS servers treat it as a DoS attack when we simultaneously look up 100 hostnames (and their CAA records) from multiple vantage points. (CAA lookups themselves are usually multiple queries, when the exact hostname doesn't have CAA and we "climb the tree" to the parent domain and TLD.)
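
The CAA tree climbing described in the reply above, as an added example that is not part of the original post and not the CA's own code: it lists the names queried for each SAN and estimates the CAA query volume for one certificate. The hostnames, the vantage-point count of 4, and the cached/uncached resolver models are constructed assumptions; the hostname lookups themselves would come on top of these numbers.

```python
def caa_query_names(hostname):
    """Names a CAA check may query, from the hostname up to the TLD.

    Per RFC 8659 the climb stops before the DNS root, and a leading
    wildcard label is dropped before the lookup starts.
    """
    labels = hostname.rstrip(".").lower().split(".")
    if labels[0] == "*":
        labels = labels[1:]
    return [".".join(labels[i:]) for i in range(len(labels))]


def caa_queries_for(hostname, names_with_caa):
    """Names actually queried: climb until a CAA RRset is found."""
    queried = []
    for name in caa_query_names(hostname):
        queried.append(name)
        if name in names_with_caa:
            break
    return queried


def caa_query_load(hostnames, names_with_caa, vantage_points):
    """Estimate CAA queries sent for one certificate.

    'uncached': every lookup goes out again (worst case, an assumption).
    'cached':   each vantage point asks for each distinct name once.
    """
    total = 0
    distinct = set()
    for host in hostnames:
        queried = caa_queries_for(host, names_with_caa)
        total += len(queried)
        distinct.update(queried)
    return {
        "uncached": total * vantage_points,
        "cached": len(distinct) * vantage_points,
    }


if __name__ == "__main__":
    # Constructed sample: 100 SANs under one zone, 4 vantage points.
    sans = [f"host{i:03d}.example.com" for i in range(100)]
    print(caa_queries_for("*.www.example.com", set()))
    print("no CAA anywhere:   ", caa_query_load(sans, set(), 4))
    print("CAA at example.com:", caa_query_load(sans, {"example.com"}, 4))
```

Publishing a CAA record at the zone apex shortens every climb by one step, which is why the second line of output is lower than the first.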