Version 1.694
Released: 2026-02-03
Support for the new DNS record types HTTPS and SVCB new
A new DNS resource record types - HTTPS and SVCB (RFC 9460) is supported by DirectAdmin. These DNS records enables the following features:
- Redirect HTTPS service to other host name (alias mode).
- Inform web browsers about HTTPS support and pass extra HTTPS parameters (service mode).
- Allow storing ECH data in the DNS.
The availability of the new DNS record type in the user interface can be managed with a new dns_https and dns_svcb configuration options. Support for the new record types are enabled by default.
The default DNS HTTPS record set for new domains can be configured by creating a customised copy of the data/templates/dns_https.conf template file or data/templates/dns_svcb.conf template file.
Support for installing the Unbound DNS server new custombuild
The CustomBuild tool now supports installing Unbound. Unbound is a validating, recursive, caching DNS resolver. Running it locally on the server can bring multiple advantages:
- No need to configure DNS servers. The server can work without specifying the address of an external DNS server.
- Guaranteed DNSSEC validation. Unbound DNS resolver uses DNSSEC by default. External DNS servers might support or might not support DNSSEC validation. It really depends on the ISP or DC network administrators.
- Improved privacy. DNS lookups will contact authoritative servers directly. This removes an easy way to monitor server activity on the recursive DNS server level. Multiple name lookups will not be visible on the network at all because of the local DNS cache.
- Zero trust. There are no 3rd party servers that could perform DNS response tampering for domains that use DNSSEC. Any response tampering would be detected by the DNSSEC validation logic.
- Avoids popular spam RBL rate limiting. For example, the Spamhaus Project blocks access to its RBLs when public DNS servers are used (for example, Google, Cloudflare, Quad9, etc.).
Installing the Unbound DNS server can be enabled by setting the unbound=yes option in the options.conf file.
When CustomBuild installs the Unbound DNS server, it configures it to listen for the DNS requests on the 127.0.0.253 loopback IP address. This prevents the Unbound service from clashing with the Bind authoritative DNS server or the systemd-resolved stub resolver.
To enable and install the Unbound DNS server, use the following commands:
da build set unbound yes
da build unbound
Note: CustomBuild will not automatically reconfigure the system to start using the Unbound resolver as the default system resolver.
There is a separate feature for starting to use the Unbound DNS server as main system resolver. It is controlled with the unbound_as_default_resolver option in the options.conf file.
To install the Unbound DNS server and start using it as default server resolver, use the following commands:
da build set unbound yes
da build set unbound_as_default_resolver yes
da build unbound
File Manager remove file action hook new
A new hook for filemanager remove file action is added file_manager_remove_pre.sh.
File Manager file editor redesign evolution update
The File Manager file editor has been redesigned with several key changes:
- It is now a separate page instead of an overlay modal.
- You can now copy the full file path using a button in the toolbar.
- You can now navigate to other directories directly from the editor using the folder tree in the sidebar. On mobile devices, you must first return to the directory view because the floating button for opening the folder tree drawer is disabled while the editor is open.
- Editor options and switches have a refreshed, more modern design consistent with other editors. Switches use the primary color for
onand a muted grey color foroff. Dropdown selectors kept the same available options. - Removed the
Save File Asoption, as it was deemed no longer necessary.
New options.conf items new custombuild
In this release CustomBuild got new options:
| Setting | Options | Default value |
|---|---|---|
wpcli | yes/no | yes |
imapsync | yes/no | yes |
composer | yes/no | no* |
- one-time autodetection: 'yes' if composer exists and the option is not present in
options.conf
Updated service monitoring page evolution update
The service monitoring page now features a refreshed design, improved mobile experience, and auto-refresh functionality.
Changes to plugins uploaded with Plugin Manager update
CMD_PLUGIN_MANAGER "add" action logic was changed. Most notably, it will:
- Always install and activate plugin. The option for selecting whether to install newly added plugin is removed from Evolution and Enhanced.
- Removes plugin if an error is encountered. For example, if plugin was successfully uploaded, but then the installation ("install.sh") script failed, it won't be visible in Plugin Manager page anymore.
- Does not allow plugins with same ID. If another plugin with the same ID already exists, user has to remove the existing one first.
- "X-DirectAdmin" header is no longer respected.
- "URL" type upload uses different "User-Agent" header than before. This change affects servers that look for specific string within this header to permit download.
Software version changes custombuild update
- composer updated from
2.9.3to2.9.5 - MySQL 8.0 updated from
8.0.44to8.0.45 - MySQL 8.4 updated from
8.4.7to8.4.8
Avoid double email delivery with broken forwarder configuration fix
Exim mail server configuration was updated to avoid double delivery of emails to the UNIX user account mailbox when system_user_to_virtual_passwd is enabled but the forwarders file /etc/virtual/{domain}/aliases still contains legacy forwarding to the system mailbox.
File Manager checks directory access before navigating evolution fix
The File Manager now checks whether the target directory is accessible before redirecting the user and updating the path value in the URL.
Previously, in some cases the URL path could become out of sync with the directory that was actually being displayed.
Cannot edit JSON files in File Manager evolution fix
A recent upgrade to the File Manager file editor content loading request caused valid JSON files to fail to load, showing an empty editor instead.
This issue is fixed in this version.
Updated systemd socket configuration for isolated PHP-FPM mode fix
Old systemd (on RHEL 8 systems) do not properly support working directory management for socket files (the RuntimeDirectoryPreserve option). This caused isolated PHP-FPM service reconfiguration to remove other sockets on RHEL 8 systems.
The isolated PHP-FPM socket configuration file is updated to manually manage the working directory lifecycle. This makes it work correctly on all supported Linux distributions.
Removed tokens from custom menu entries evolution removal
Tokens (|DOMAIN|, |WEBAPPS_SSL|, |HOSTNAME|, |WEBMAIL_LINK|) no longer resolve to different values for menu entries added within "Customize Evolution Skin" page.
Support for the SPF DNS resource record type removal
The email Sender Policy Framework (also known as SPF) uses the DNS TXT record type. The explicit SPF DNS record should not be used by the SPF implementations.
Starting with this release, DirectAdmin will no longer support the explicit SPF DNS record type. The configuration option dns_spf, which used to enable this functionality, is removed.
Removed SpamAssassin update frequency setting custombuild removal
The CustomBuild option sa_update is removed from the options.conf file. This option was used to control how often the script to update SpamAssassin rules is called.
The new rules update file will run once per day by default. The execution frequency and update command can be customised by creating a custom copy of the configure/spamassassin/sa-update-cron file.