Here is a nice online tool to help you adding the record manually.
This might not be saved on backups tho, so u should backup your DNS config somewhere else either.
If you want to go a step further, you may also want to enable HPKP on your web server by following the following guide.
However, a Man in The Middle (MITM) may be able to manipulate HTTP headers or even DNS records, so I don't see these methods as an exclusive security, just some precaution and hardening maybe.
By the way, if you have too many domain names and use the same CAs in them, you may want to write a simple script where u solely input the domain name and it does the rest for you.
Note: According to RFC 6844 you may set the flag to 0 or 128. 128 means no other CA than specified may issue (if CA supports CAA)