Audit log

The audit log answers the typical compliance question "Who changed what when?" – and it's also handy day-to-day when "Why does this zone look different from yesterday?" comes up.

What gets logged

Essentially every write to DNS state and security-relevant settings. The action values from the code:

One row in detail

In the panel under Audit log (admin-only) you see all entries in a table with filters per action, resource type and server. One row as JSON (from GET /api/v1/audit-log):

{
  "id": 4711,
  "timestamp": "2026-04-27T14:23:01.456Z",
  "action": "UPDATE",
  "resource_type": "RECORD",
  "resource_name": "www.example.com. A",
  "server_name": "master-fra1",
  "user_id": 17,
  "details": {
    "old": [{"content": "203.0.113.10", "ttl": 300}],
    "new": [{"content": "203.0.113.20", "ttl": 60}],
    "fan_out": [
      {"server": "master-fra1", "status": "ok"},
      {"server": "master-ams1", "status": "ok"}
    ]
  },
  "status": "success",
  "error_message": null
}

Filtering

GET /api/v1/audit-log
    ?action=DELETE
    &resource_type=RECORD
    &server_name=master-fra1
    &limit=50&offset=0

CSV export

The audit log has a Export CSV button (endpoint: GET /api/v1/audit-log/export). Format:

• Semicolon (;) separator – so Excel opens it without the "split columns" wizard.
• UTF-8 with BOM – so umlauts are correct in Excel.
• Same filters as the UI; max_rows caps the export.

curl -OJ \
  -H "Authorization: Bearer dnsmgr_usr_..." \
  "https://pdns.example.com/api/v1/audit-log/export?action=DELETE&max_rows=10000"

Retention

PDNS Manager does not auto-rotate the audit log. For GDPR-style retention either add a DB cron that prunes old rows, or stream it via webhook to a central log server (see Webhooks).