From aa6431e6e7da10e2fa98d63f4589549c46c05dfe Mon Sep 17 00:00:00 2001
From: Jarrett Aiken
Date: Sun, 8 Mar 2026 14:17:07 -0400
Subject: [PATCH] Use builders where possible. Minor changes and fixes.
---
 dnsconfig.js | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

diff --git a/dnsconfig.js b/dnsconfig.js
index 6cf6a94..3e0bcc0 100644
--- a/dnsconfig.js
+++ b/dnsconfig.js
@@ -9,15 +9,24 @@ var DNS_CLOUDFLARE = NewDnsProvider("cloudflare");
 \* ****************************************************************************************************************** */
 var rexbox = "rexbox.prm.achl.fr.";
 var rexcloud = "rexcloud.cld.achl.fr.";
-var reportEmail = "0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email";
-var dmarcPolicy = "v=DMARC1; p=quarantine; adkim=s; aspf=s; rua=mailto:" + reportEmail + "; ruf=mailto:" + reportEmail + "; pct=100; fo=1";
+var reportEmail = "mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email";
+var dmarcRecord = DMARC_BUILDER({
+ policy: "reject",
+ subdomainPolicy: "reject",
+ alignmentDKIM: "strict",
+ alignmentSPF: "strict",
+ rua: [reportEmail],
+ ruf: [reportEmail],
+ percent: 100,
+ failureOptions: "1",
+});

 DEFAULTS(
 DnsProvider(DNS_CLOUDFLARE),
 DefaultTTL(1),
 CF_MANAGE_COMMENTS, // opt into comments syncing
 CAA_BUILDER({
- iodef: "mailto:" + reportEmail,
+ iodef: reportEmail,
 iodef_critical: true,
 issue: ["letsencrypt.org"],
 issue_critical: true,
@@ -30,7 +39,6 @@ DEFAULTS(
 }),
 );

-
 /* ****************************************************************************************************************** *\
 Managed Domains
 \* ****************************************************************************************************************** */
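Review bot: The new `dmarcRecord` raises enforcement from `p=quarantine` in the removed `dmarcPolicy` string to `policy: "reject"` and adds `subdomainPolicy: "reject"`, which changes mail handling rather than just refactoring to a builder, and the commit subject does not say so. Strict DKIM and SPF alignment is kept, so any legitimate sender that is not yet aligned would have its mail refused instead of quarantined; it is worth confirming from the aggregate reports that every sending source passes before this is pushed. I would record the intent above the builder, e.g. `// Enforcement raised from quarantine to reject; checked against rua reports on <DATE>`. A smaller point: `reportEmail` now holds a `mailto:` URI rather than a bare address, so a name such as `reportUri` would keep a later use from prefixing it a second time.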
@@ -61,7 +69,6 @@ D("achl.fr", REG_101DOMAIN,
 // Verifications
 TXT("_discord", "dh=d041188169640d1f23c6b379d97935981a7a07da", CF_COMMENT("Discord Verify")),
 TXT("_github-pages-challenge-arirexouium", "134234f292827135d74e0637efc575", CF_COMMENT("GitHub Pages Verify")),
-
 );

 /* -------------------------------------------------------------------------- *\
@@ -155,14 +162,19 @@ function cnames(domain, target, records) {
 */
 function protonmail(verification, dkimKey) {
 return [
+ // Stage 1: Verify
+ TXT("@", "protonmail-verification=" + verification, CF_COMMENT("ProtonMail Verify")),
+ // Stage 2: MX
 MX("@", 10, "mail.protonmail.ch.", CF_COMMENT("ProtonMail MX")),
 MX("@", 20, "mailsec.protonmail.ch.", CF_COMMENT("ProtonMail MX")),
+ // Stage 3: SPF
 TXT("@", "v=spf1 include:_spf.protonmail.ch mx ~all", CF_COMMENT("ProtonMail SPF")),
- TXT("@", "protonmail-verification=" + verification, CF_COMMENT("ProtonMail Verify")),
- TXT("_dmarc", dmarcPolicy, CF_COMMENT("ProtonMail DMARC")),
+ // Stage 3: DKIM
 CNAME("protonmail._domainkey", "protonmail.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
 CNAME("protonmail2._domainkey", "protonmail2.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
 CNAME("protonmail3._domainkey", "protonmail3.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
+ // Stage 4: DMARC
+ dmarcRecord,
 ];
 }

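Review bot: The stage comments in `protonmail()` number both SPF and DKIM as stage 3 (`// Stage 3: SPF`, `// Stage 3: DKIM`) and end at `// Stage 4: DMARC`, while `simplelogin()` in the following hunk counts SPF 3, DKIM 4, DMARC 5. The ProtonMail ones should read `// Stage 4: DKIM` and `// Stage 5: DMARC` so the two helpers describe the same rollout order. Separately, in both this hunk and the `simplelogin()` hunk the removed `TXT("_dmarc", ...)` line carried a `CF_COMMENT(...)` and the shared `dmarcRecord` carries none. Because `CF_MANAGE_COMMENTS` is set in `DEFAULTS`, the existing comment on that record will presumably be cleared on the next push, which deserves a line in the commit message if it is intended.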
@@ -173,13 +185,18 @@ function protonmail(verification, dkimKey) {
 */
 function simplelogin(verification) {
 return [
+ // Stage 1: Verify
+ TXT("@", "sl-verification=" + verification, CF_COMMENT("SimpleLogin Verify")),
+ // Stage 2: MX
 MX("@", 10, "mx1.simplelogin.co.", CF_COMMENT("SimpleLogin MX")),
 MX("@", 20, "mx2.simplelogin.co.", CF_COMMENT("SimpleLogin MX")),
+ // Stage 3: SPF
 TXT("@", "v=spf1 include:simplelogin.co ~all", CF_COMMENT("SimpleLogin SPF")),
- TXT("@", "sl-verification=" + verification, CF_COMMENT("SimpleLogin Verify")),
- TXT("_dmarc", dmarcPolicy, CF_COMMENT("SimpleLogin DMARC")),
+ // Stage 4: DKIM
 CNAME("dkim._domainkey", "dkim._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")),
 CNAME("dkim02._domainkey", "dkim02._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")),
 CNAME("dkim03._domainkey", "dkim03._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")),
+ // Stage 5: DMARC
+ dmarcRecord,
 ];
 }