Read for example this: https://dmarcian.com/policy-modes-quarantine-vs-reject/
With quarantine, spam emails claiming to come from your domain will be delivered to the spam folder, so people will think that your domain is sending spam.
All the biggest sites use reject, just an example:
_dmarc.google.com. 300 IN TXT “v=DMARC1; p=reject; rua=mailto:email@example.com”
So I recommend changing the DMARC policy to reject for both the self-hosted DNS and the “External DNS” page