diff --git a/src/yunohost/domain.py b/src/yunohost/domain.py
index 456dfa4bf..23b5a4179 100644
--- a/src/yunohost/domain.py
+++ b/src/yunohost/domain.py
@@ -236,8 +236,7 @@ def domain_dns_conf(domain, ttl=None):
             for record in record_list:
                 result += "\n{name} {ttl} IN {type} {value}".format(**record)
 
-    is_cli = True if msettings.get('interface') == 'cli' else False
-    if is_cli:
+    if msettings.get('interface') == 'cli':
         logger.info(m18n.n("domain_dns_conf_is_just_a_recommendation"))
 
     return result
@@ -406,10 +405,8 @@ def _build_dns_conf(domain, ttl=3600):
         "basic": [
             # if ipv4 available
             {"type": "A", "name": "@", "value": "123.123.123.123", "ttl": 3600},
-            {"type": "A", "name": "*", "value": "123.123.123.123", "ttl": 3600},
             # if ipv6 available
             {"type": "AAAA", "name": "@", "value": "valid-ipv6", "ttl": 3600},
-            {"type": "AAAA", "name": "*", "value": "valid-ipv6", "ttl": 3600},
         ],
         "xmpp": [
             {"type": "SRV", "name": "_xmpp-client._tcp", "value": "0 5 5222 domain.tld.", "ttl": 3600},
@@ -426,6 +423,10 @@ def _build_dns_conf(domain, ttl=3600):
             {"type": "TXT", "name": "_dmarc", "value": "\"v=DMARC1; p=none\"", "ttl": 3600}
         ],
         "extra": [
+            # if ipv4 available
+            {"type": "A", "name": "*", "value": "123.123.123.123", "ttl": 3600},
+            # if ipv6 available
+            {"type": "AAAA", "name": "*", "value": "valid-ipv6", "ttl": 3600},
             {"type": "CAA", "name": "@", "value": "128 issue \"letsencrypt.org\"", "ttl": 3600},
         ],
         "example_of_a_custom_rule": [
@@ -437,32 +438,21 @@ def _build_dns_conf(domain, ttl=3600):
     ipv4 = get_public_ip()
     ipv6 = get_public_ip(6)
 
-    basic = []
+    ###########################
+    # Basic ipv4/ipv6 records #
+    ###########################
 
-    # Basic ipv4/ipv6 records
+    basic = []
     if ipv4:
-        basic += [
-            ["@", ttl, "A", ipv4],
-            ["*", ttl, "A", ipv4],
-        ]
+        basic.append(["@", ttl, "A", ipv4])
 
     if ipv6:
-        basic += [
-            ["@", ttl, "AAAA", ipv6],
-            ["*", ttl, "AAAA", ipv6],
-        ]
+        basic.append(["@", ttl, "AAAA", ipv6])
 
-    # XMPP
-    xmpp = [
-        ["_xmpp-client._tcp", ttl, "SRV", "0 5 5222 %s." % domain],
-        ["_xmpp-server._tcp", ttl, "SRV", "0 5 5269 %s." % domain],
-        ["muc", ttl, "CNAME", "@"],
-        ["pubsub", ttl, "CNAME", "@"],
-        ["vjud", ttl, "CNAME", "@"],
-        ["xmpp-upload", ttl, "CNAME", "@"],
-    ]
+    #########
+    # Email #
+    #########
 
-    # SPF record
     spf_record = '"v=spf1 a mx'
     if ipv4:
         spf_record += ' ip4:{ip4}'.format(ip4=ipv4)
@@ -470,7 +460,6 @@ def _build_dns_conf(domain, ttl=3600):
         spf_record += ' ip6:{ip6}'.format(ip6=ipv6)
     spf_record += ' -all"'
 
-    # Email
     mail = [
         ["@", ttl, "MX", "10 %s." % domain],
         ["@", ttl, "TXT", spf_record],
@@ -485,12 +474,36 @@ def _build_dns_conf(domain, ttl=3600):
             ["_dmarc", ttl, "TXT", '"v=DMARC1; p=none"'],
         ]
 
-    # Extra
-    extra = [
-        ["@", ttl, "CAA", '128 issue "letsencrypt.org"']
+    ########
+    # XMPP #
+    ########
+
+    xmpp = [
+        ["_xmpp-client._tcp", ttl, "SRV", "0 5 5222 %s." % domain],
+        ["_xmpp-server._tcp", ttl, "SRV", "0 5 5269 %s." % domain],
+        ["muc", ttl, "CNAME", "@"],
+        ["pubsub", ttl, "CNAME", "@"],
+        ["vjud", ttl, "CNAME", "@"],
+        ["xmpp-upload", ttl, "CNAME", "@"],
     ]
 
-    # Official record
+    #########
+    # Extra #
+    #########
+
+    extra = []
+
+    if ipv4:
+        extra.append(["*", ttl, "A", ipv4])
+    if ipv6:
+        extra.append(["*", ttl, "AAAA", ipv6])
+
+    extra.append(["@", ttl, "CAA", '128 issue "letsencrypt.org"'])
+
+    ####################
+    # Standard records #
+    ####################
+
     records = {
         "basic": [{"name": name, "ttl": ttl, "type": type_, "value": value} for name, ttl, type_, value in basic],
         "xmpp": [{"name": name, "ttl": ttl, "type": type_, "value": value} for name, ttl, type_, value in xmpp],
@@ -498,7 +511,12 @@ def _build_dns_conf(domain, ttl=3600):
         "extra": [{"name": name, "ttl": ttl, "type": type_, "value": value} for name, ttl, type_, value in extra],
     }
 
-    # Custom records
+    ##################
+    # Custom records #
+    ##################
+
+    # Defined by custom hooks ships in apps for example ...
+
     hook_results = hook_callback('custom_dns_rules', args=[domain])
     for hook_name, results in hook_results.items():
         #
diff --git a/src/yunohost/dyndns.py b/src/yunohost/dyndns.py
index 70817b3fe..6e597fbbf 100644
--- a/src/yunohost/dyndns.py
+++ b/src/yunohost/dyndns.py
@@ -258,7 +258,17 @@ def dyndns_update(operation_logger, dyn_host="dyndns.yunohost.org", domain=None,
         logger.info("Updated needed, going on...")
 
     dns_conf = _build_dns_conf(domain)
-    del dns_conf["extra"]  # Ignore records from the 'extra' category
+
+    for i, record in enumerate(dns_conf["extra"]):
+        # Ignore CAA record ... not sure why, we could probably enforce it...
+        if record[3] == "CAA":
+            del dns_conf["extra"][i]
+
+    # Delete custom DNS records, we don't support them (have to explicitly
+    # authorize them on dynette)
+    for category in dns_conf.keys():
+        if category not in ["basic", "mail", "xmpp", "extra"]:
+            del dns_conf[category]
 
     # Delete the old records for all domain/subdomains