1.4.2 (May 19, 2023)


ZONECONTROL_NSEC3PARAM_DEFAULT can be changed in, but it is advised to keep it at the default of "1 0 0 -".


  • Support for PEP 440 compliant version numbers so RPM packages built again !270


  • NSEC3 support in DNSSEC settings for zones !271


  • Added EL9 packages !275

  • Upload documentation from GitLab CI to !273

  • Auth API docs are now proxied through ZoneControl !272

1.4.1 (September 2, 2022)


  • Fix quotes in LUA example record (!261).

  • App: hide PTR checkbox when auto PTRs are disabled (!261).

  • Fix crash due to double saving of audit logs (!261).

  • Fix editing of LUA records (ZC-156, !261).

1.4.0 (March 10, 2022)

From this release onwards Debian Buster is no longer supported.


  • Admin option ZONECONTROL_SERVERS_READONLY (ZC-147, !259).

  • Allow disabling history. scheduling, comments and auditlog (ZC-147, !257).


  • Upgrade to a Python 3.9 that we ship (ZC-150, !258).

1.3.4 (October 14, 2021)


  • Take the Server into account when displaying RRSet comments (ZC-144, !256).

1.3.3 (July 09, 2021)



  • Stop frontend freezing when searching for template zones with many eligable zones (ZC-130, !253).

1.3.2 (March 25, 2021)


  • Expose that ZoneControl does APIv1 on /api, as some clients use this information (ZC-117, !247).


  • Adding and editing a root zone (.) now works in the ZoneControl frontend (ZC-118, !248).

  • Fixed a broken shebang in /usr/share/zonecontrol/bin/ in the Debian packages (!250)

1.3.1 (January 21, 2021)


  • PostGreSQL support has been added and can be enabled by installing zonecontrol-postgresql (!245)


  • Zone names starting with an _ are no longer improperly escaped (ZC-98, !244)


  • zonecontrol-cache has been split into a seperate package for Debian, as was the case for EL

1.3.0 (November 26, 2020)

  • Alpha 1: September 22, 2020


  • zonecontrol-ldap package has been added for integration into LDAP/AD environments (ZC-93, !230)


  • Requests that trigger the creation of an Auditlog no longer fail when the User Agent string is too long (ZC-88, !228)

  • Ensure the API endpoints return Content-Type: application/json (ZC-92, !232)


  • Add OPENPGPKEY help text (ZC-7, !233)

  • Update the link to the ALIAS record howto (!233)

  • Audit log now uses X-Forwarded-For header to get the remote IP address when ZoneControl is behind a proxy (ZC-91, !229)

  • Remove the proprietary HTTP Redirect record (!233)

1.2.0 (June 15, 2020)

  • Alpha 1: February 26 2020

  • Beta 1: March 16 2020

  • RC 1: April 22, 2020


  • Implement automatic PTR record creation (ZC-42, !196)

  • The zones list can be cached in Redis, drastically improving performance of the web-interface when PowerDNS is serving many domains (!206)

    • This requires the zonecontrol-cache service to be running

    • This caching can be controlled by the the ZONECONTROL_CACHE_ZONES_* settings

  • The DNSSEC information is not longer requested by default for the zone-overview, improving performance of the frontend (!203)

    • This can be controlled with the ZONECONTROL_ZONE_OVERVIEW_DNSSEC configuration option

  • The ‘edited’ serial is now displayed in the zone-overview (ZC-40, !201)

  • New distribution support:

    • RHEL/CentOS/OL 8

    • Debian Buster


  • The slave notifications status is hidden for Native zones (ZC-52, !208)

  • Underscored records no longer appear in the wrong place in the interface (ZC-5, !207)

    • This also improves the display of rrset with the same owner name


  • Permission management has been tightened (ZC-1, !194)

    • Users with these permissions and staff status can add users to their groups:

      • auth | group | Can change group

      • auth | user | Can change user

    • The same user can not see groups they don’t belong to

    • Staff users with ‘Can change user’ permissions can no longer - See or give staff status - See or give superuser status - Edit user permissions

    • No one but superuser can now edit - User permissions - Group permissions

    • Users can only see users from their groups in the user-admin, but they can add them to their groups in the group-admin

    • Several fields in the administrative interface have been hidden as a result

    • Zone and server permissions are now enforced for staff-users in the administrative backend (ZC-14, !216)

  • Several visuals in the frontend have been harmonized and improved (!215)

  • Django is updated to the latest LTS version, 2.2 (!204)

  • Javascript components are upgraded. Most importantly, Angular is now at version 7.2 (!193)

  • Documentation has been updated with all new features and sections on the permissions model

1.1.1 (July 10, 2019)


  • Don’t have an empty result when the per-RRset limits list is longer than 1 (!199)

1.1.0 (June 24, 2019)

  • Alpha 1: internal only

  • Alpha 2: internal only

  • Alpha 3: May 20 2019

  • Beta 1: May 23 2019


  • Support for the PowerDNS Authoritative Server 4.0 has been dropped. (#146)

  • pkgs: Depend on the Python 3.6 from EPEL, not on the one from SCL (!186)


  • Ability to limit the kinds of zones that are allowed to be created. By default, all 3 kinds are allowed. This limit can be set in the file by the system administrator. (!172)

  • The zone overview is paginated, showing 25 zones per page. (PDNS-37, !171)

  • The records overview is paginated, showing 200 records per page. (PDNS-37, !171)

  • PTR records can be automatically generated by appending a ‘*’ after the ip address. This feature can be disabled in the by the system administrator. (PDNS-158, PDNS-189, !174)

  • The zone settings dialog has been extended with buttons to queue NOTIFY messages (for master zones) and retrieve the zone (for slave zones). The system administrator can disable this feature in (!173)

  • The DNSSEC dialog shows what kind of keys will be created once the user clicks “Enable DNSSEC”. (PDNS-39, !175)

  • An ‘advanced DNSSEC’ role permission has been added. Users with this permission have a tab in the DNSSEC dialog that allows manipulation of all keys. (PDNS-39, !175)

  • Per-RRSet role-based access control has been added. This feature allows roles to be restricted to records of certain names and types. By default, all records are allowed when a role has access to a zone. (PDNS-165, PDNS-35, !178)


  • Fix alert when attempting to add an internally managed record at the apex. (#169)

  • Ensure the UI shows ‘repeated’ zone names. (PDNS-206, #166)

  • Mark required textareas in forms. (#167)

1.0.1 (July 17, 2018)


  • Implement rolebased API “pass through” (#128)

  • Comments for zone records (#122) - Tool to import comments from PowerDNS Authoritative Server

  • roles: Granular permissions for zone settings, DNSSEC and version restores (#104)


  • pkg: Let yum figure out which mysql lib to pull in (#144)

  • pkg: Add MySQL support package for CentOS 7 (#127)

  • admin: More user-friendly role admin UI (#104)

  • dnssec: When enabling DNSSEC, the configured DNSSEC server defaults are now honored (#105)


  • Fix API error when adding or removing zone (#139)

  • Catch SOA entries that do not exist (#133)

  • backend: Fix 500 error when adding non-template zone (cf0393e)

  • builder: Fix missing styling in built packages, debian build fixes (#95)

1.0.0 (September 20, 2017)

First release.


  • Zone version history and restore (#56)

  • Zone templates (#63)

  • builder: New build system, CentOS 7 and Debian Stretch packages (#70)

IMPROVEMENTS: - libs: Upgraded to Angular 4.3.6 and Webpack 3.5.5

BUG FIXES: - dnssec: Correct handling of ksk/zsk keys in UI (#65)