Question 1

What does ZentraLink actually replace?

Accepted Answer

Nothing wholesale. ZentraLink sits on top of the providers you already use — Cloudflare, Hetzner, AWS, IONOS and the rest — and gives you one operational layer across all of them. It is the dashboard, audit trail and workflow engine your stack was missing.

Question 2

Will turning ZentraLink on touch anything?

Accepted Answer

No. Every provider connection starts read-only. Switching a provider into active management is a deliberate, per-provider decision — and even then, every write goes through approval rules and snapshots.

Question 3

Can I buy domains directly?

Accepted Answer

Yes. The Buy domains flow uses the same registry pipeline that powers the rest of the platform, with Mollie payments and live availability at the registry. The registered domain shows up under My domains immediately.

Question 4

Which DNS providers do you support?

Accepted Answer

Eleven on day one: Cloudflare, Hetzner DNS, AWS Route 53, DigitalOcean, PowerDNS, IONOS, Gandi, GoDaddy, Namecheap, OVH and Porkbun. The schema is normalised so you write a record once and ZentraLink converts it to the right shape per provider.

Question 5

How do approval workflows work?

Accepted Answer

Per record type and per scope. A common setup: A/AAAA + MX records on production domains require a second admin's approval before they go live; TXT records can be edited freely. Every approval is logged with the actor, the diff and the timestamp.

Question 6

Can I roll back a DNS change?

Accepted Answer

Yes — every change takes a zone snapshot first. One click on the audit row restores the previous state at the provider, and the rollback itself is recorded as its own audit event.

Question 7

How does SSL monitoring work?

Accepted Answer

Every domain is scanned continuously. We check the certificate chain, the issuer, OCSP status and CAA records, and we raise tiered warnings at 60, 30, 10 and 1 days before expiry. Issuer pinning catches unexpected renewals from a different CA.

Question 8

Does ZentraLink check mail security?

Accepted Answer

Yes — SPF alignment, DKIM signatures, DMARC policy and BIMI readiness on every domain that runs email. Soft warnings highlight common gaps (e.g. p=none on DMARC) before they hurt deliverability.

Question 9

What about DNSSEC?

Accepted Answer

DNSSEC is monitored end-to-end. If a domain has DNSSEC enabled but the chain breaks at the parent registry, the Risk Center surfaces it before resolvers start refusing the zone. For Netcup-managed zones the registry handles key rotation automatically.

Question 10

How are domain expirations tracked?

Accepted Answer

We pull the registry expiry for every domain and warn at 60, 30 and 10 days, then daily in the final week. Auto-renewals from your registrar still apply — ZentraLink only adds the second pair of eyes.

Question 11

What notification channels are supported?

Accepted Answer

Email, in-app, Slack and Microsoft Teams webhooks, plus a public webhook target for your own incident pipeline. Per-event subscriptions let each user pick what they want where.

Question 12

How does team access work?

Accepted Answer

Three default roles: Admin (full access), Supporter (scoped per-domain + per-record permissions, time-bounded if needed), Viewer (read-only). Enterprise plans add custom permission sets and SAML/OIDC single sign-on.

Question 13

Do you support SSO?

Accepted Answer

Yes — SAML 2.0 and OIDC on enterprise plans. We've tested against Okta, Azure AD/Entra, Google Workspace and Authentik. SCIM provisioning is on the roadmap.

Question 14

How are credentials stored?

Accepted Answer

API tokens, secrets and AuthCodes are AES-256-GCM-encrypted at rest with a key held outside the database. Tokens never appear in audit logs, error messages or webhook payloads. Each provider connection has its own token, scoped to the least privilege needed.

Question 15

Is the data I send you stored in the EU?

Accepted Answer

Yes. Primary hosting is in Germany; subprocessors are listed publicly at /subprocessors and the technical-and-organisational measures sit at /toms. We're built for GDPR from day one.

Question 16

Can I get a Data Processing Agreement?

Accepted Answer

Yes. A signed DPA is available before you start sending us any operational data. Public template at /dpa, signed copy on request.

Question 17

What do reports look like?

Accepted Answer

Portfolio overview, health timeline, risk register, SSL renewals, audit summary — exportable as PDF or CSV. Branded with your company on plans that include the report-branding capability.

Question 18

How long is audit data retained?

Accepted Answer

Audit events are kept for the lifetime of the workspace plus 90 days after cancellation. CSV export is one click; the Risk Center keeps the trailing 12 months in the dashboard.

Question 19

Does ZentraLink have an API?

Accepted Answer

Yes. Scoped, key-based and rate-limited. Every action the dashboard takes is also exposed as a REST endpoint, with webhooks for events, a documented OpenAPI schema, sandbox keys for development, and typed client libraries on the way.

Question 20

Can I integrate with my CI / IaC?

Accepted Answer

Yes. The API is designed for exactly that — webhooks for change events, idempotent endpoints for batch writes, structured diffs you can pipe into Terraform plan output. A Terraform provider is on the public roadmap.

Question 21

What does enterprise add?

Accepted Answer

Custom plans, SAML/OIDC SSO, SCIM, branded reports, audit log streaming to your SIEM, priority response, a named CSM and an on-call escalation path. Talk to us at /contact and we'll send a tailored proposal.

Question 22

How do I migrate from a spreadsheet?

Accepted Answer

CSV import for the domain portfolio is built in — column-mapped and dry-runnable. Most teams have their entire inventory in ZentraLink within an hour. The onboarding guide walks through it step by step.

Question 23

Can I self-host ZentraLink?

Accepted Answer

Today we're a hosted SaaS. A self-hosted enterprise edition is on the roadmap; reach out at /contact if it's a hard requirement and we'll align timelines.

Question 24

Are there discounts for non-profits or open source?

Accepted Answer

Yes — drop a short note via the contact form and we usually approve within a working day. Educational use is also discounted.

Question 25

How does pricing work?

Accepted Answer

Plans scale on domains, users and providers. The free tier covers a handful of domains and the core monitoring features — enough to run a side project end-to-end. Paid plans unlock approvals, automations, branded reports, the public API and higher quotas.

Question 26

What happens to my data if I leave?

Accepted Answer

Full CSV export at any time, dashboard data deleted within 30 days of cancellation, GDPR-grade purge available on request. No lock-in, no surprise re-bills.

Run every domain like a piece of infrastructure.

Every domain. Every provider. One source of truth.

Every change reviewed. Every version recoverable.

Never miss an expiry again.

Every domain rated. Every risk explained.

Roles that match how your team actually works.

Granular team access

Reports your stakeholders read

Run a live health scan on any domain.

Why ZentraLink instead of a console — or a spreadsheet?

The questions we hear most often.

Take control of your domain stack today.