Minor information leak in suggest_ips()
When creating an DNS A record you get an set of suggestions for the 'IP-Address' field. For a user that has access to just one zone this reveals info from all other zones and from other servers they don't have access to.
I've pushed a quick fix to my xxxx-dns-record-auth-filter branch. I hope you have a better solution then copying getAuthSQL() but this demonstrates the idea :)
PS: That suggestion list also gets really long on a server with many DNS zones ... but this filtering should help for most client users.