Use builders where possible. Minor changes and fixes.

dnsconfig.js

@@ -9,15 +9,24 @@ var DNS_CLOUDFLARE = NewDnsProvider("cloudflare");
 \* ****************************************************************************************************************** */
 var rexbox = "rexbox.prm.achl.fr.";
 var rexcloud = "rexcloud.cld.achl.fr.";
-var reportEmail = "0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email";
+var reportEmail = "mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email";
-var dmarcPolicy = "v=DMARC1; p=quarantine; adkim=s; aspf=s; rua=mailto:" + reportEmail + "; ruf=mailto:" + reportEmail + "; pct=100; fo=1";
+var dmarcRecord = DMARC_BUILDER({
+  policy: "reject",
+  subdomainPolicy: "reject",
+  alignmentDKIM: "strict",
+  alignmentSPF: "strict",
+  rua: [reportEmail],
+  ruf: [reportEmail],
+  percent: 100,
+  failureOptions: "1",
+});
 
 DEFAULTS(
   DnsProvider(DNS_CLOUDFLARE),
   DefaultTTL(1),
   CF_MANAGE_COMMENTS, // opt into comments syncing
   CAA_BUILDER({
-    iodef: "mailto:" + reportEmail,
+    iodef: reportEmail,
     iodef_critical: true,
     issue: ["letsencrypt.org"],
     issue_critical: true,
@@ -30,7 +39,6 @@ DEFAULTS(
   }),
 );
 
-
 /* ****************************************************************************************************************** *\
   Managed Domains
 \* ****************************************************************************************************************** */
@@ -61,7 +69,6 @@ D("achl.fr", REG_101DOMAIN,
   // Verifications
   TXT("_discord", "dh=d041188169640d1f23c6b379d97935981a7a07da", CF_COMMENT("Discord Verify")),
   TXT("_github-pages-challenge-arirexouium", "134234f292827135d74e0637efc575", CF_COMMENT("GitHub Pages Verify")),
-
 );
 
 /* -------------------------------------------------------------------------- *\
@@ -155,14 +162,19 @@ function cnames(domain, target, records) {
  */
 function protonmail(verification, dkimKey) {
   return [
+    // Stage 1: Verify
+    TXT("@", "protonmail-verification=" + verification, CF_COMMENT("ProtonMail Verify")),
+    // Stage 2: MX
     MX("@", 10, "mail.protonmail.ch.", CF_COMMENT("ProtonMail MX")),
     MX("@", 20, "mailsec.protonmail.ch.", CF_COMMENT("ProtonMail MX")),
+    // Stage 3: SPF
     TXT("@", "v=spf1 include:_spf.protonmail.ch mx ~all", CF_COMMENT("ProtonMail SPF")),
-    TXT("@", "protonmail-verification=" + verification, CF_COMMENT("ProtonMail Verify")),
+    // Stage 3: DKIM
-    TXT("_dmarc", dmarcPolicy, CF_COMMENT("ProtonMail DMARC")),
     CNAME("protonmail._domainkey", "protonmail.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
     CNAME("protonmail2._domainkey", "protonmail2.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
     CNAME("protonmail3._domainkey", "protonmail3.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
+    // Stage 4: DMARC
+    dmarcRecord,
   ];
 }
 
@@ -173,13 +185,18 @@ function protonmail(verification, dkimKey) {
  */
 function simplelogin(verification) {
   return [
+    // Stage 1: Verify
+    TXT("@", "sl-verification=" + verification, CF_COMMENT("SimpleLogin Verify")),
+    // Stage 2: MX
     MX("@", 10, "mx1.simplelogin.co.", CF_COMMENT("SimpleLogin MX")),
     MX("@", 20, "mx2.simplelogin.co.", CF_COMMENT("SimpleLogin MX")),
+    // Stage 3: SPF
     TXT("@", "v=spf1 include:simplelogin.co ~all", CF_COMMENT("SimpleLogin SPF")),
-    TXT("@", "sl-verification=" + verification, CF_COMMENT("SimpleLogin Verify")),
+    // Stage 4: DKIM
-    TXT("_dmarc", dmarcPolicy, CF_COMMENT("SimpleLogin DMARC")),
     CNAME("dkim._domainkey", "dkim._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")),
     CNAME("dkim02._domainkey", "dkim02._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")),
     CNAME("dkim03._domainkey", "dkim03._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")),
+    // Stage 5: DMARC
+    dmarcRecord,
   ];
 }