Zones & records
The actual DNS work happens here. PDNS Manager covers the full PowerDNS surface: every zone kind, every common RR type via forms, and the rare ones via an RDATA text field with inline help.
Creating a zone
Under Zones → New. Key fields:
- Name – e.g. example.com. The trailing dot is added server-side.
- Kind:
  - Native – PowerDNS serves the zone directly from the DB. Default. Suits most setups including multi-server on a shared DB.
  - Master – PowerDNS is the source of truth, classic AXFR slaves attach.
  - Slave – this instance pulls the zone from an external master.
- Nameservers – NS records that go into the zone. Don't forget the trailing dot.
- SOA edit API – how PowerDNS bumps the serial on changes. Recommendation: DEFAULT.
- Enable DNSSEC – immediately or later, see DNSSEC.
- Template – with zone templates, default records (NS, SOA, SPF, DMARC) are created together with the zone.
Records: supported types
Click a zone → Zone detail. There's a form per type; what that form looks like depends on the type:
Form-based (default fields)
- A – IPv4, e.g. 203.0.113.10.
- AAAA – IPv6, e.g. 2001:db8::1.
- CNAME – alias to another name, e.g. www → example.com.
- MX – priority + mail server, e.g. 10 mail.example.com.
- TXT – free text in quotes. SPF, DKIM, DMARC, verify tokens.
- SRV – service records with priority, weight, port, target.
- NS – usually set already by creating the zone.
- PTR – reverse DNS in in-addr.arpa/ip6.arpa zones.
- SOA – auto-generated; editable in the panel (refresh, retry, expire, minimum).
RDATA text field (with inline help)
Rarely used or newer types are entered through a generic RDATA field. A context hint appears next to the field with the expected format and a concrete example:
- ALIAS – "CNAME that works at the apex" – PowerDNS resolves the target itself.
- DNAME – aliasing for an entire subtree.
- SVCB / HTTPS – modern service binding (RFC 9460), incl. ALPN and ECH.
- SSHFP – SSH host fingerprints.
- TLSA – DANE for TLS pinning.
- CAA – which CAs may issue certs for the domain.
- NAPTR, LOC, OPENPGPKEY, SMIMEA, …
- All DNSSEC records – DS, DNSKEY, RRSIG, NSEC, NSEC3, NSEC3PARAM, CDS, CDNSKEY.
Example: a complete mailserver block
# A records
mail A 300 203.0.113.20
# MX for the apex
@ MX 3600 10 mail.example.com.
# SPF (via TXT)
@ TXT 3600 "v=spf1 mx ~all"
# DKIM (selector "default")
default._domainkey TXT 3600 "v=DKIM1; k=rsa; p=MIIBI..."
# DMARC
_dmarc TXT 3600 "v=DMARC1; p=quarantine; rua=mailto:[email protected]"
# MTA-STS + TLSRPT
_mta-sts TXT 3600 "v=STSv1; id=20260101"
_smtp._tls TXT 3600 "v=TLSRPTv1; rua=mailto:[email protected]"
Bulk operations
Select multiple records in the list to delete/change them in one go. Behind the scenes that's POST /api/v1/records/<server>/<zone>/bulk, fanned out to all writable servers.
Import / export
Export a zone
Top right in zone detail: Export. Returns the zone as a classic BIND zonefile – good for backups or diffing.
Import: preview, then apply
Under Zones → Import, upload or paste a zonefile. Before saving anything, the panel sends it through POST /api/v1/zones/import/preview and shows a diff:
- + new records
- − deleted records
- ~ changed records (TTL/content)
Only after confirming the diff does the actual import call go out. You can refactor whole zones without accidentally killing the mail block.
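A local pre-check in the spirit of the preview diff above, as an added example (not PDNS Manager's own code): it compares two record lists in the `name TYPE TTL content` layout of the mailserver block and reports which mail-related RRsets an import would delete or change. The function names, the RRset-level classification into + / - / ~ and the sample zones are assumptions.

```python
# Added example, not the panel's implementation. Record layout follows the
# mailserver block on this page; classifying per RRset is an assumption.
MAIL_NAMES = ("_dmarc", "_mta-sts", "_smtp._tls")  # labels from the page's mail block

def parse_records(text):
    """Return {(name, type): {(ttl, content), ...}} from 'name TYPE TTL content' lines."""
    rrsets = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        name, rtype, ttl, content = line.split(None, 3)
        rrsets.setdefault((name.lower(), rtype.upper()), set()).add((int(ttl), content))
    return rrsets

def preview_diff(current, incoming):
    """Classify RRsets as added (+), deleted (-) or changed in TTL/content (~)."""
    old, new = parse_records(current), parse_records(incoming)
    return {
        "+": sorted(k for k in new if k not in old),
        "-": sorted(k for k in old if k not in new),
        "~": sorted(k for k in new if k in old and new[k] != old[k]),
    }

def is_mail_rrset(key, rrset):
    name, rtype = key
    if rtype == "MX" or name.endswith("._domainkey") or name in MAIL_NAMES:
        return True
    # SPF lives in an ordinary TXT RRset, so inspect the content.
    return rtype == "TXT" and any(c.strip('"').startswith("v=spf1") for _, c in rrset)

def mail_records_at_risk(current, incoming):
    """Mail-related RRsets that the import would delete or change."""
    old = parse_records(current)
    diff = preview_diff(current, incoming)
    return [k for k in diff["-"] + diff["~"] if is_mail_rrset(k, old[k])]

# Constructed sample zones (not from a real deployment).
CURRENT = '''mail A 300 203.0.113.20
@ MX 3600 10 mail.example.com.
@ TXT 3600 "v=spf1 mx ~all"
_dmarc TXT 3600 "v=DMARC1; p=quarantine"'''
INCOMING = '''mail A 300 203.0.113.21
www A 300 203.0.113.10
@ MX 3600 10 mail.example.com.
@ TXT 3600 "v=spf1 mx -all"'''
```

Calling `mail_records_at_risk(CURRENT, INCOMING)` on the sample flags the dropped DMARC record and the modified SPF record, while the changed `mail` A record only shows up in the general diff.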
Trigger NOTIFY
For master zones with classic AXFR slaves, top right in zone detail there's a NOTIFY button (calls POST /api/v1/zones/<server>/<zone>/notify). Useful after big bulk updates.
Read-only banner
If you have read-only access to a zone (see Users & roles) or the active server isn't writable, a red banner appears in zone detail with a switch button to a writable peer (if any). Write buttons are disabled in that mode.