Every signal your domain stack emits — in one place.
ZentraLink turns the patchwork of provider consoles, DNS clients, certificate alerts and spreadsheets into a single, audited operations layer. Below are the seven product surfaces that show up on day one.
Every domain, scored and sorted.
A live registry of every domain you run, with a health score, registrar, expiry and active alerts. Filter, search, group by customer, export to CSV — the inventory you've always wanted.
- Live registrar and nameserver detection
- Per-domain health score with trends
- Bulk actions across the whole portfolio
- CSV import + export, no lock-in
Make changes you can defend.
Edit zones across every connected provider from a single editor. Every change is diffed, snapshotted and audit-logged — and routed through approval rules for the records that matter.
- Unified editor across 11 providers
- Per-zone snapshots before every change
- One-click rollback to any version
- Approval rules per record type
Certificates that never lapse.
Continuous chain validation across every domain. Tiered warnings at 60, 30, 10 and 1 days. Issuer detection, OCSP probing and CAA conflict checks built in.
- Continuous chain + OCSP validation
- Four-tier expiry warnings
- Issuer pinning + CAA conflict detection
- Direct routing into your existing renewal flow
SPF, DKIM, DMARC and the dark corners.
Mail-security checks, DNSSEC chain validation, subdomain takeover detection, open-redirect probes — the security signals nobody else aggregates in one place.
- Mail-security checks (SPF, DKIM, DMARC, BIMI)
- DNSSEC chain validation, parent and child
- Subdomain takeover + open-redirect probes
- Risk score per signal class
Eleven integrations, one consistent shape.
Cloudflare, Hetzner DNS, AWS Route 53, DigitalOcean, PowerDNS, IONOS, Gandi, GoDaddy, Namecheap, OVH and Porkbun. We normalise their APIs so you don't have to.
- Read-only by default — flip the switch when you're ready
- Provider Trust Center with computed + override health
- Token rotation and scoped credentials
- All credentials encrypted at rest
Roles that fit how a real team works.
Admins, Supporters and Viewers — with per-domain scope, per-action permissions and an audit log that records who did what, when and from where.
- Granular per-domain + per-record permissions
- SSO via SAML/OIDC on enterprise plans
- Per-action audit log with IP + user agent
- Scoped, time-bounded sharing for external auditors
Everything the dashboard does, scriptable.
Scoped API keys, rate limits, signed webhooks, a documented schema. Build your own automations, embed widgets in internal dashboards, glue ZentraLink into your incident pipeline.
- Scoped keys with per-token rate limits
- Signed webhooks with replay protection
- OpenAPI schema + typed client libraries
- Sandbox keys for safe development
POST /api/v1/domains
Authorization: Bearer zl_•••••••••••
{
"domain": "acme.com",
"provider": "cloudflare",
"monitoring": ["dns", "ssl", "mail"]
}
← 201 Created
{
"id": "dom_8s2x",
"healthScore": 92,
"next_scan": "2026-06-01T08:00:00Z"
}Common questions about the product.
If your answer isn't here, the team is one message away.
- Yes. Add domains manually and we'll still run the read-only monitoring suite — health, SSL, mail security, DNSSEC. Connect a provider later to unlock active management.
Connect one provider. Watch the dashboard fill up.
Free to start, no credit card, read-only by default. Most teams have their first health score within five minutes.
No credit card · cancel any time