diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index 91359a3765c2f73f07d61dfb8e7e9a9f506edb69..6a8d7bdc3ecbcfa71a57cf33bef6480f51f53c3e 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -855,10 +855,10 @@ class tform {
                         $result = false;
                         if($this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["userid"] && stristr($perm,$this->formDef["auth_preset"]["perm_user"])) $result = true;
                         if($this->formDef["auth_preset"]["groupid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true;
-                        if(@stristr($perm,$this->formDef["auth_preset"]["perm_other"])) $result = true;
+                        if(@stristr($this->formDef["auth_preset"]["perm_other"],$perm)) $result = true;
 
                         // if preset == 0, everyone can insert a record of this type
-                        if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0 AND (@stristr($perm,$this->formDef["auth_preset"]["perm_user"] OR @stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true;
+                        if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0 AND (@stristr($this->formDef["auth_preset"]["perm_user"],$perm) OR @stristr($this->formDef["auth_preset"]["perm_group"],$perm))) $result = true;
 
                         return $result;
 
diff --git a/interface/lib/classes/validate_dns.inc.php b/interface/lib/classes/validate_dns.inc.php
index c556da70d89b69bb805e61c048214f360cf11a11..a161510811d7a0aaf75c2eec71edfad6edb8910e 100644
--- a/interface/lib/classes/validate_dns.inc.php
+++ b/interface/lib/classes/validate_dns.inc.php
@@ -103,7 +103,7 @@ function validate_field($field, $area, $zoneid, $wildcard_allowed = 1){
   if(substr($field, -1) == '.'){
     if($i > 2 && $empty > 1) $error .= $desc." ".$app->tform->wordbook['error_invalid_characters']."<br>\r\n";
   } else {
-    if($empty > 0) $error .= $desc." ".$app->tform->wordbook['error_invalid_characters']."<br>\r\n";
+    if($empty > 0 && $field != '') $error .= $desc." ".$app->tform->wordbook['error_invalid_characters']."<br>\r\n";
   }
 
   if(substr($field, -1) == '.' && $area == 'Name'){
diff --git a/interface/web/dns/form/rr.tform.php b/interface/web/dns/form/rr.tform.php
index e9af9906b738ad9bbf2a0128781cd677b8134202..21beaca22b672ad9916ba7b7fdee9b77387de103 100644
--- a/interface/web/dns/form/rr.tform.php
+++ b/interface/web/dns/form/rr.tform.php
@@ -42,7 +42,7 @@ $form["db_table_idx"]        = "id";
 $form["db_history"]                = "yes";
 $form["tab_default"]        = "rr";
 $form["list_default"]        = "rr_list.php";
-$form["auth"]                        = 'no';  // yes / no
+$form["auth"]                        = 'yes';  // yes / no
 
 $form["auth_preset"]["userid"]  = 0; // 0 = id of the user, > 0 id must match with id of current user
 $form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user
diff --git a/interface/web/dns/form/soa.tform.php b/interface/web/dns/form/soa.tform.php
index ca23e195da750af7721e3a3b0d72e2e01f23c1a1..5f3f3ba16d2372ba7b9bf78fae0962fca3364c15 100644
--- a/interface/web/dns/form/soa.tform.php
+++ b/interface/web/dns/form/soa.tform.php
@@ -42,7 +42,7 @@ $form["db_table_idx"]        = "id";
 $form["db_history"]                = "yes";
 $form["tab_default"]        = "soa";
 $form["list_default"]        = "soa_list.php";
-$form["auth"]                        = 'no'; // yes / no
+$form["auth"]                        = 'yes'; // yes / no
 
 $form["auth_preset"]["userid"]  = 0; // 0 = id of the user, > 0 id must match with id of current user
 $form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user
diff --git a/interface/web/dns/rr_del.php b/interface/web/dns/rr_del.php
index d90001f494ebc3bcb3f78c051b02e160458cf867..e06ff8431054ae93fb189b55dec47a2d6a459f2a 100644
--- a/interface/web/dns/rr_del.php
+++ b/interface/web/dns/rr_del.php
@@ -56,7 +56,10 @@ class page_action extends tform_actions {
         function onDelete() {
                 global $app, $conf;
 
-                $rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']);
+                $app->uses('tform');
+                if(!$rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']." AND ".$app->tform->getAuthSQL('d'))) $app->error('not allowed');
+
+                //$rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']);
                 $zone_id = $rr['zone'];
 
                 // update serial
diff --git a/interface/web/dns/rr_edit.php b/interface/web/dns/rr_edit.php
index 333111667c66f0642e81607fedb2e390898be318..00da24f7f8d111a2813addd56d3ca83c1313c45e 100644
--- a/interface/web/dns/rr_edit.php
+++ b/interface/web/dns/rr_edit.php
@@ -53,9 +53,16 @@ $app->load('tform_actions');
 
 class page_action extends tform_actions {
 
+
         function onSubmit() {
                 global $app, $conf;
 
+                if($this->dataRecord['id'] > 0){
+                  if(!$app->tform->checkPerm($this->dataRecord['id'],'u')) $app->error('not allowed');
+                } else {
+                  if(!$app->tform->checkPerm($this->dataRecord['id'],'i')) $app->error('not allowed');
+                }
+
                 $this->dataRecord["zone"] = $_SESSION['s']['list']['rr']['parent_id'];
 
                 $app->uses('validate_dns');
diff --git a/interface/web/dns/soa_del.php b/interface/web/dns/soa_del.php
index 9d84e32ce5e1b2e973b786f7f018636d7817e295..06560f579ffdbcd4654b4bcc4bf2ceefa2b36285 100644
--- a/interface/web/dns/soa_del.php
+++ b/interface/web/dns/soa_del.php
@@ -56,9 +56,12 @@ class page_action extends tform_actions {
         function onDelete() {
                 global $app, $conf;
 
+                $app->uses('tform');
+                if(!$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$_REQUEST['id']." AND ".$app->tform->getAuthSQL('d'))) $app->error('not allowed');
+
                 // PTR
                 if($conf['auto_create_ptr'] == 1 && trim($conf['default_ns']) != '' && trim($conf['default_mbox']) != ''){
-                  $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$_REQUEST['id']);
+                  //$soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".$_REQUEST['id']);
                   $rrs = $app->db->queryAllRecords("SELECT * FROM rr WHERE zone = '".$_REQUEST['id']."' AND (type = 'A' OR type = 'AAAA')");
                   if(!empty($rrs)){
                     foreach($rrs as $rr){
diff --git a/interface/web/dns/soa_edit.php b/interface/web/dns/soa_edit.php
index 5ad043c13225ace129da9b6a5f8ec7f0508b08c1..7c54670354a99b30d3cd638ca3df10754a08e5fb 100644
--- a/interface/web/dns/soa_edit.php
+++ b/interface/web/dns/soa_edit.php
@@ -56,6 +56,12 @@ class page_action extends tform_actions {
         function onSubmit() {
                 global $app, $conf;
 
+                if($this->dataRecord['id'] > 0){
+                  if(!$app->tform->checkPerm($this->dataRecord['id'],'u')) $app->error('not allowed');
+                } else {
+                  if(!$app->tform->checkPerm($this->dataRecord['id'],'i')) $app->error('not allowed');
+                }
+
                 $app->uses('validate_dns');
                 $app->tform->errorMessage .= $app->validate_dns->validate_soa($this->dataRecord);