PDNS Manager

v2.3.7 · Released April 2026

Larger release with multi-server record sync, login rate limiting, SSRF protection for webhooks, and full i18n parity across all six languages.

Records & multi-server sync

  • Fan-out on writes: record POST/PUT/DELETE and bulk updates are applied to every server with allow_writes=true that hosts the zone. Read-only servers are hard-rejected (HTTP 403). Per-server status sits in the response body under details.
  • Frontend knows writable servers: /api/v1/servers includes allow_writes. Clicking a zone navigates to a writable server automatically.
  • Unified display: zone list, search and dashboard collapse identical zones/records across multiple servers into one row. Servers carrying the zone show up as badges.
  • Zone detail banner: current server read-only → red warning + switch button. Additional writable peers → info banner showing changes will land on all of them.

Zone permissions (read / manage)

  • Selectable per zone in Users → Assign zones. "Read only" blocks every write action server-side.

Security

  • Login rate limit: IP-based lockout after several failed logins (HTTP 429, sliding window).
  • Webhook SSRF protection: webhook URLs are validated before save and before each delivery. Localhost / private / link-local / multicast targets are blocked by default. Set WEBHOOK_ALLOW_PRIVATE_URLS=true in .env if you need them on an internal network.
  • PowerDNS errors: 5xx responses are logged in full server-side; the user sees a friendly message with no stack trace leak.
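
The webhook URL check described above, sketched as an added example (not PDNS Manager's own code): every address the host resolves to is tested against the loopback, private, link-local and multicast ranges. Only WEBHOOK_ALLOW_PRIVATE_URLS comes from the release notes; the function names, the injectable resolver and the http(s)-only rule are assumptions.

```python
import ipaddress
import os
import socket
from urllib.parse import urlsplit


class WebhookURLRejected(ValueError):
    """Raised when a webhook URL points at a disallowed target."""


def _system_resolver(host, port):
    # Every A/AAAA answer matters: one internal address is enough to reject.
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def _is_internal(ip):
    # IPv4-mapped IPv6 (::ffff:10.0.0.5) is judged by its embedded IPv4 address.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_multicast


def validate_webhook_url(url, allow_private=None, resolver=_system_resolver):
    """Return the resolved addresses if the URL is acceptable, else raise.

    Hypothetical helper: call it when the URL is saved and again before each
    delivery, because a hostname can resolve differently later on.
    """
    if allow_private is None:  # assumed parsing of the .env switch
        allow_private = os.environ.get("WEBHOOK_ALLOW_PRIVATE_URLS", "").lower() == "true"
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise WebhookURLRejected("only http(s) URLs with a host are accepted")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        # IP literal (including bracketed IPv6): no DNS lookup needed.
        addresses = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        addresses = resolver(parts.hostname, port)
    if not addresses:
        raise WebhookURLRejected("host did not resolve")
    if not allow_private:
        for addr in addresses:
            if _is_internal(ipaddress.ip_address(addr.split("%")[0])):
                raise WebhookURLRejected(f"{parts.hostname} resolves to internal address {addr}")
    return addresses
```

Returning the resolved addresses lets the delivery code connect to exactly the address that was checked, rather than resolving the name a second time.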

i18n

  • All six languages (en / de / sr / hr / bs / hu) are now fully in sync on the same key set (770 keys).
  • Maintain via node scripts/sync-locales.mjs.

Tests

  • Pytest suite with real module tests: DNSSEC parsing, ACME helpers, zone ACL, login rate limit, webhook URL validation, health.

Audit

  • Admins can export the log as CSV (GET /api/v1/audit-log/export).

Healthcheck

  • GET /health checks the database with SELECT 1. If the DB is gone: HTTP 503 + status: unhealthy.
  • compose.yaml adds a healthcheck for the backend service.

UX & stability

  • AppErrorBoundary: instead of a blank page on a frontend runtime error, you now get a clear message with a "Reload" button.
  • Empty record lists show a hint + Add button instead of an empty table.
  • Settings → API & Security wraps tokens / TOTP / webhooks into one panel; TOTP QR code uses the qrcode package now.

Build / deployment

  • backend/Dockerfile verifies after the frontend copy that index.html, assets/ and at least one built JS bundle exist.
  • compose.yaml: backend healthcheck via /health, new env entry WEBHOOK_ALLOW_PRIVATE_URLS.

Docs

  • docs/PANEL-API.md extended: auth flows, endpoint examples for zones / records / DNSSEC, webhook signature verification with a code snippet.