// DNS MANAGEMENT REIMAGINED
Plan, deploy, and verify DNS changes with safety guardrails that prevent disasters. Works standalone or connected to ZoneRails Server for enterprise teams.
// ZONEOPS GUARDRAILS
Six layers of protection between you and a DNS disaster. Every guardrail works automatically — no configuration needed.
Mark critical records as protected. Prevents accidental modification or deletion with confirmation prompts.
Detects CNAME conflicts, duplicate records, and multi-value type collisions before they cause outages.
Compares expected vs. current record state. Warns you when records have been changed outside the app.
Verifies DNS propagation via Cloudflare API. Confirms records are live before closing the ticket.
Detect orphaned tunnel DNS records, preview ingress impact, and map tunnel health across your infrastructure.
Immutable audit log of every change with before/after snapshots. One-click rollback to any previous state.
// DEPLOYMENT PIPELINE
Stop making DNS changes one record at a time. Plan your entire migration, review the diff, and deploy atomically.
Search records across all zones. Add creates, edits, and deletes to a named deployment with ticket tracking.
See every change at a glance. Run pre-flight validation — 8 checks per item covering connection, zone, drift, conflicts, and more. Nothing deploys by accident.
Execute all changes in one batch. Real-time per-item progress bar. Per-item success/failure reporting. Schedule for later. Full rollback with impact analysis if anything goes wrong.
Automatic DNS propagation verification via Cloudflare API. Pre-flight validation with 8 checks per item. Deployment rollback with impact analysis. Full audit trail preserved.
// ZONERAILS SERVER
A self-hosted backend that transforms ZoneRails from a personal tool into an enterprise-grade, governed DNS management platform. Deploy on your infrastructure. Control your data.
Four system roles with granular permissions. Create custom roles. Every action attributed to a user with full audit trail.
LDAP/AD authentication with automatic group-to-role mapping. Users log in with their domain credentials. Roles assigned by group membership.
WebSocket push notifications across all connected clients. Deployment status, DNS changes, and cache updates broadcast instantly.
Server-side cron executes deployments during maintenance windows. No laptop required. Automatic verification after execution.
DNS provider tokens encrypted at rest (AES-256-GCM). Admins configure once — all users access shared connections. No credential sharing.
Immutable audit log with before/after snapshots, user attribution, and one-click rollback. SOX, PCI, and ISO 27001 ready.
Built-in Admin Dashboard. Web-based management UI for users, roles, AD group mappings, connections, and license management. No additional tools required.
// INTERFACE
// PROVIDERS
Full API integration. Zones, records, and tunnels. Proxied and DNS-only records. Scoped API tokens.
Connect to Windows DNS servers via WinRM. Full record management with the same guardrails as Cloudflare.
// PRICING
For individual use. One Cloudflare zone with core guardrails.
For power users. Unlimited zones and all client features unlocked.
Self-hosted backend for teams. RBAC, AD integration, scheduling, and compliance.
// DOWNLOAD
Available for macOS and Windows. Free to download, free to use.
System Requirements: macOS 12+ (Monterey) or Windows 10+. 200MB disk space. Internet connection for Cloudflare API access.