ZentraLink

Features

Everything you need to run domains as an operator.

ZentraLink is built around the workflow MSPs, agencies and IT teams actually use - read first, write with approval, snapshot before every change.

Domains & inventory

Every domain across every customer, with risk score, registrar, expiry and assigned provider in one searchable list.

DNS read & write

Cloudflare, Hetzner DNS, DigitalOcean, PowerDNS and AWS Route53 via real provider APIs. Read-only-first by default; live write opens explicitly with an acknowledged risk warning.

Approval workflow

Critical record changes (MX/NS/TXT/CAA/SOA), deletions, bulk edits, template applications and rollbacks can require approval. Configurable per workspace.

Snapshots & rollback

Take a snapshot before any change, or manually. Rollbacks are explicit DNS change requests (no blind overwrite) - the operator sees the diff before approving.

DNS templates

17 vendor presets (Shopify, Microsoft 365, Google Workspace, Vercel, ...) plus your own. Applying a template creates a change request.

SSL, mail-DNS, RDAP checks

Real TLS handshakes, real DNS resolution, real RDAP lookups via the IANA bootstrap. Risk score is computed and persisted on every check.

Reports

Domain health, SSL, mail-DNS, DNS changes, provider sync, customer overview and monthly summary. Printable HTML + real PDF export + email delivery with PDF attachment.

Notifications

Per-user subscription matrix across in-app and email channels. Instant, hourly or daily digest. Tenants can override the SMTP transport.

Support tickets

Built-in ticketing with comments, internal notes, status transitions and live updates via Server-Sent Events.

Audit log

Every action is recorded with actor, IP and structured metadata. Filterable by user, action, resource and time range.

Multi-tenant + RBAC

Owner / Admin / Manager / Member / Viewer roles per workspace. Per-tenant approval policy, SMTP and DNS templates.

2FA & secrets

TOTP with backup codes for accounts, AES-256-GCM encryption for provider credentials and 2FA secrets, server-side opaque sessions and CSRF protection.