diff --git a/api/api/settings.py b/api/api/settings.py
index d69ddb606..e517b1a39 100644
--- a/api/api/settings.py
+++ b/api/api/settings.py
@@ -118,6 +118,9 @@
             "100/h",
             "300/d",
         ],  # DNS API requests affecting RRset(s) of a single domain
+        "delegation_check": [
+            "10/h",
+        ],  # Manual delegation check per domain
         # UserRateThrottle
         "user": "2000/d",  # hard limit on requests by a) an authenticated user, b) an unauthenticated IP address
     },
@@ -170,6 +173,9 @@
 PSL_RESOLVER = os.environ.get("DESECSTACK_API_PSL_RESOLVER")
 LOCAL_PUBLIC_SUFFIXES = {"dedyn.%s" % os.environ["DESECSTACK_DOMAIN"]}
 
+# Delegation checker resolver
+DELEGATION_RESOLVER = os.environ.get("DESECSTACK_API_DELEGATION_RESOLVER", "resolver")
+
 # PowerDNS-related
 NSLORD_PDNS_API = "http://nslord:8081/api/v1/servers/localhost"
 NSLORD_PDNS_API_TOKEN = os.environ["DESECSTACK_NSLORD_APIKEY"]
@@ -210,14 +216,35 @@
 MINIMUM_TTL_DEFAULT = int(os.environ["DESECSTACK_MINIMUM_TTL_DEFAULT"])
 MAXIMUM_TTL = 86400
 AUTH_USER_MODEL = "desecapi.User"
-LIMIT_USER_DOMAIN_COUNT_DEFAULT = int(
-    os.environ.get("DESECSTACK_API_LIMIT_USER_DOMAIN_COUNT_DEFAULT", "1")
+_limit_domains_raw = os.environ.get(
+    "DESECSTACK_API_LIMIT_USER_DOMAIN_COUNT_DEFAULT", "none"
+).lower()
+LIMIT_USER_DOMAIN_COUNT_DEFAULT = (
+    None
+    if _limit_domains_raw in {"none", "null", "unlimited", "inf"}
+    else int(_limit_domains_raw)
+)
+_limit_insecure_raw = os.environ.get(
+    "DESECSTACK_API_LIMIT_USER_INSECURE_DOMAIN_COUNT_DEFAULT", "none"
+).lower()
+LIMIT_USER_INSECURE_DOMAIN_COUNT_DEFAULT = (
+    None
+    if _limit_insecure_raw in {"none", "null", "unlimited", "inf"}
+    else int(_limit_insecure_raw)
 )
 USER_ACTIVATION_REQUIRED = True
 VALIDITY_PERIOD_VERIFICATION_SIGNATURE = timedelta(
     hours=int(os.environ.get("DESECSTACK_API_AUTHACTION_VALIDITY", "0"))
 )
 REGISTER_LPS = bool(int(os.environ.get("DESECSTACK_API_REGISTER_LPS", "1")))
+_delegation_recheck_raw = os.environ.get(
+    "DESECSTACK_API_DELEGATION_SECURE_RECHECK_HOURS", "24"
+).lower()
+DELEGATION_SECURE_RECHECK_INTERVAL = (
+    None
+    if _delegation_recheck_raw in {"none", "null", "off", "disabled"}
+    else timedelta(hours=int(_delegation_recheck_raw))
+)
 
 # CAPTCHA
 CAPTCHA_VALIDITY_PERIOD = timedelta(hours=24)
@@ -248,7 +275,8 @@
 
 if os.environ.get("DESECSTACK_E2E_TEST", "").upper() == "TRUE":
     DEBUG = True
-    LIMIT_USER_DOMAIN_COUNT_DEFAULT = 5000
+    LIMIT_USER_DOMAIN_COUNT_DEFAULT = None
+    LIMIT_USER_INSECURE_DOMAIN_COUNT_DEFAULT = None
     USER_ACTIVATION_REQUIRED = False
     EMAIL_BACKEND = "django.core.mail.backends.dummy.EmailBackend"
     REST_FRAMEWORK["DEFAULT_THROTTLE_CLASSES"] = []
diff --git a/api/api/settings_quick_test.py b/api/api/settings_quick_test.py
index 513073b30..5f8436632 100644
--- a/api/api/settings_quick_test.py
+++ b/api/api/settings_quick_test.py
@@ -36,6 +36,8 @@
 # Carry email backend connection over to test mail outbox
 CELERY_EMAIL_MESSAGE_EXTRA_ATTRIBUTES = ["connection"]
 
-LIMIT_USER_DOMAIN_COUNT_DEFAULT = 15
+LIMIT_USER_DOMAIN_COUNT_DEFAULT = None
+LIMIT_USER_INSECURE_DOMAIN_COUNT_DEFAULT = None
+DELEGATION_SECURE_RECHECK_INTERVAL = None
 
 PCH_API = "http://api.invalid"
diff --git a/api/cronhook/crontab b/api/cronhook/crontab
index acdd86679..013a14f9d 100644
--- a/api/cronhook/crontab
+++ b/api/cronhook/crontab
@@ -1,3 +1,4 @@
 */5 * * * * /usr/local/bin/python3 -u /usr/src/app/manage.py chores >> /var/log/cron.log 2>&1
+*/30 * * * * /usr/local/bin/python3 -u /usr/src/app/manage.py check-delegation >> /var/log/cron.log 2>&1
 */15 * * * * /usr/local/bin/python3 -u /usr/src/app/manage.py check-secondaries >> /var/log/cron.log 2>&1
 7 11 * * * /usr/local/bin/python3 -u /usr/src/app/manage.py scavenge-unused >> /var/log/cron.log 2>&1
diff --git a/api/desecapi/delegation.py b/api/desecapi/delegation.py
new file mode 100644
index 000000000..78434fa27
--- /dev/null
+++ b/api/desecapi/delegation.py
@@ -0,0 +1,122 @@
+from functools import cache
+from socket import getaddrinfo
+
+from django.conf import settings
+from django.utils import timezone
+import dns.exception, dns.flags, dns.message, dns.name, dns.query, dns.resolver
+
+
+SERVER = settings.DELEGATION_RESOLVER
+DNS_TIMEOUT = 5
+
+
+@cache
+def lookup(target):
+    try:
+        addrinfo = getaddrinfo(str(target), None)
+    except OSError:
+        addrinfo = []
+    return {v[-1][0] for v in addrinfo}
+
+
+class DelegationChecker:
+    def __init__(self, udp_retries=2, server=SERVER):
+        self.udp_retries = udp_retries
+        self.server = server
+        self.our_ns_set = {dns.name.from_text(ns) for ns in settings.DEFAULT_NS}
+        self.our_ip_set = set.union(*(lookup(ns) for ns in self.our_ns_set))
+
+    def query_with_fallback(self, query):
+        if self.udp_retries <= 0:
+            return dns.query.tcp(query, self.server, timeout=DNS_TIMEOUT)
+        last_error = None
+        for _ in range(self.udp_retries):
+            try:
+                return dns.query.udp(query, self.server, timeout=DNS_TIMEOUT)
+            except Exception as ex:
+                last_error = ex
+        return dns.query.tcp(query, self.server, timeout=DNS_TIMEOUT)
+
+    def resolve_with_fallback(self, resolver, name, rdtype):
+        if self.udp_retries <= 0:
+            return resolver.resolve(name, rdtype, tcp=True)
+        last_error = None
+        for _ in range(self.udp_retries):
+            try:
+                return resolver.resolve(name, rdtype, tcp=False)
+            except Exception as ex:
+                last_error = ex
+        return resolver.resolve(name, rdtype, tcp=True)
+
+    def check_domain(self, domain):
+        # Identify parent
+        now = timezone.now()
+        domain_name = dns.name.from_text(domain.name)
+        parent = domain_name.parent()
+        resolver = dns.resolver.Resolver()
+        while len(parent):
+            query = dns.message.make_query(parent, dns.rdatatype.NS)
+            res = self.query_with_fallback(query)
+            if res.answer:
+                break
+            parent = parent.parent()
+
+        # Find delegation NS hostnames and IP addresses
+        try:
+            ns = res.find_rrset(res.answer, parent, dns.rdataclass.IN, dns.rdatatype.NS)
+        except KeyError:
+            raise dns.resolver.NoNameservers
+        ipv4 = set()
+        ipv6 = set()
+        for rr in ns:
+            ipv4 |= {ip for ip in lookup(rr.target) if "." in ip}
+            ipv6 |= {ip for ip in lookup(rr.target) if "." not in ip}
+
+        resolver.nameserver = list(ipv4) + list(ipv6)
+        try:
+            answer = self.resolve_with_fallback(resolver, domain_name, dns.rdatatype.NS)
+        except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN):
+            return {
+                "id": domain.id,
+                "delegation_checked": now,
+                "is_registered": False,
+                "has_all_nameservers": None,
+                "is_delegated": None,
+                "is_secured": None,
+            }
+        update = {
+            "id": domain.id,
+            "delegation_checked": now,
+            "is_registered": True,
+        }
+
+        # Compute overlap of delegation NS hostnames and IP addresses with ours
+        ns_intersection = self.our_ns_set & {name.target for name in answer}
+        update["has_all_nameservers"] = ns_intersection == self.our_ns_set
+
+        ns_ip_intersection = self.our_ip_set & set.union(
+            *(lookup(rr.target) for rr in answer)
+        )
+        # .is_delegated: None means "not delegated to deSEC", False means "partial", True means "fully"
+        if not ns_ip_intersection:
+            update["is_delegated"] = None
+        else:
+            update["is_delegated"] = ns_ip_intersection == self.our_ip_set
+
+        # Find delegation DS records and check validator-authenticated result
+        if ns_ip_intersection:
+            query = dns.message.make_query(domain_name, dns.rdatatype.DS)
+            res = self.query_with_fallback(query)
+            try:
+                res.find_rrset(
+                    res.answer, domain_name, dns.rdataclass.IN, dns.rdatatype.DS
+                )
+                has_ds = True
+            except KeyError:
+                has_ds = False
+            # AD bit indicates the resolver validated the DS answer.
+            authenticated = bool(res.flags & dns.flags.AD)
+            update["is_secured"] = bool(has_ds and authenticated)
+        else:
+            update["is_secured"] = None
+        return update
diff --git a/api/desecapi/management/commands/check-delegation.py b/api/desecapi/management/commands/check-delegation.py
new file mode 100644
index 000000000..e48e4eecf
--- /dev/null
+++ b/api/desecapi/management/commands/check-delegation.py
@@ -0,0 +1,129 @@
+from concurrent.futures import ThreadPoolExecutor, as_completed
+import time
+
+from django.conf import settings
+from django.core.cache import cache as django_cache
+from django.core.management import BaseCommand, CommandError
+from django.db.models import Q
+import dns.exception, dns.resolver
+
+from desecapi.delegation import DelegationChecker
+from desecapi.models import Domain
+
+
+LOCK_KEY = "desecapi.check-delegation.lock"
+LOCK_TTL = 60 * 60
+SAVE_BATCH_SIZE = 500
+MAX_RUN_SECONDS = 60 * 60
+
+
+class Command(BaseCommand):
+    help = "Check delegation status."
+
+    def __init__(self, *args, **kwargs):
+        self.checker = DelegationChecker()
+        super().__init__(*args, **kwargs)
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "domain-name",
+            nargs="*",
+            help="Domain name to check. If omitted, will check all domains not registered under a local public suffix.",
+        )
+        parser.add_argument(
+            "--udp-retries",
+            type=int,
+            default=2,
+            help="Number of UDP retries before falling back to TCP. Set to 0 to disable UDP.",
+        )
+        parser.add_argument(
+            "--threads",
+            type=int,
+            default=20,
+            help="Number of worker threads to use.",
+        )
+
+    def run_check(self, options):
+        self.checker.udp_retries = options["udp_retries"]
+        threads = options["threads"]
+        qs = Domain.objects
+        if options["domain-name"]:
+            qs = qs.filter(
+                name__in=[name.rstrip(".") for name in options["domain-name"]]
+            )
+        if settings.DELEGATION_SECURE_RECHECK_INTERVAL is not None:
+            cutoff = timezone.now() - settings.DELEGATION_SECURE_RECHECK_INTERVAL
+            qs = qs.exclude(Q(is_secured=True) & Q(delegation_checked__gte=cutoff))
+        domains = [domain for domain in qs.all() if not domain.is_locally_registrable]
+
+        def worker(domain):
+            try:
+                update = self.checker.check_domain(domain)
+            except (dns.exception.Timeout, dns.resolver.LifetimeTimeout):
+                return ("timeout", domain, None)
+            except dns.resolver.NoNameservers:
+                return ("unresponsive", domain, None)
+            return ("ok", domain, update)
+
+        if threads <= 1:
+            results = map(worker, domains)
+        else:
+            executor = ThreadPoolExecutor(max_workers=threads)
+            futures = [executor.submit(worker, domain) for domain in domains]
+            results = (future.result() for future in as_completed(futures))
+
+        updates = []
+        for status, domain, update in results:
+            if status == "timeout":
+                print(f"{domain.name} Timeout")
+                continue
+            if status == "unresponsive":
+                print(f"{domain.name} Unresponsive")
+                continue
+            updates.append(update)
+            if update["is_registered"] and update["is_delegated"] is not None:
+                print(
+                    f"{domain.owner.email} {domain.name} {update['has_all_nameservers']=} {update['is_secured']=}"
+                )
+            else:
+                print(
+                    f"{domain.owner.email} {domain.name} {update['is_registered']=} delegated=False"
+                )
+        if not updates:
+            return
+        for i in range(0, len(updates), SAVE_BATCH_SIZE):
+            batch = updates[i : i + SAVE_BATCH_SIZE]
+            objs = []
+            for update in batch:
+                domain = Domain(id=update["id"])
+                domain.delegation_checked = update["delegation_checked"]
+                domain.is_registered = update["is_registered"]
+                domain.has_all_nameservers = update["has_all_nameservers"]
+                domain.is_delegated = update["is_delegated"]
+                domain.is_secured = update["is_secured"]
+                objs.append(domain)
+            Domain.objects.bulk_update(
+                objs,
+                [
+                    "delegation_checked",
+                    "is_registered",
+                    "has_all_nameservers",
+                    "is_delegated",
+                    "is_secured",
+                ],
+            )
+
+    def handle(self, *args, **options):
+        lock_acquired = django_cache.add(LOCK_KEY, "1", timeout=LOCK_TTL)
+        if not lock_acquired:
+            raise CommandError("check-delegation is already running.")
+        try:
+            start = time.monotonic()
+            self.run_check(options)
+            elapsed = time.monotonic() - start
+            self.stdout.write(f"check-delegation runtime: {elapsed:.2f}s")
+            if elapsed > MAX_RUN_SECONDS:
+                raise CommandError("check-delegation exceeded maximum runtime.")
+        finally:
+            if lock_acquired:
+                django_cache.delete(LOCK_KEY)
diff --git a/api/desecapi/migrations/0045_domain_delegation_status.py b/api/desecapi/migrations/0045_domain_delegation_status.py
new file mode 100644
index 000000000..4ac12c593
--- /dev/null
+++ b/api/desecapi/migrations/0045_domain_delegation_status.py
@@ -0,0 +1,35 @@
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("desecapi", "0044_alter_captcha_created_alter_domain_renewal_state_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="domain",
+            name="delegation_checked",
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name="domain",
+            name="has_all_nameservers",
+            field=models.BooleanField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name="domain",
+            name="is_delegated",
+            field=models.BooleanField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name="domain",
+            name="is_registered",
+            field=models.BooleanField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name="domain",
+            name="is_secured",
+            field=models.BooleanField(blank=True, null=True),
+        ),
+    ]
diff --git a/api/desecapi/migrations/0046_user_limit_insecure_domains.py b/api/desecapi/migrations/0046_user_limit_insecure_domains.py
new file mode 100644
index 000000000..a538b3687
--- /dev/null
+++ b/api/desecapi/migrations/0046_user_limit_insecure_domains.py
@@ -0,0 +1,21 @@
+from django.db import migrations, models
+
+import desecapi.models.users
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("desecapi", "0045_domain_delegation_status"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="limit_insecure_domains",
+            field=models.PositiveIntegerField(
+                blank=True,
+                default=desecapi.models.users.User._limit_insecure_domains_default,
+                null=True,
+            ),
+        ),
+    ]
diff --git a/api/desecapi/models/domains.py b/api/desecapi/models/domains.py
index cd4f5c488..cb0447a8f 100644
--- a/api/desecapi/models/domains.py
+++ b/api/desecapi/models/domains.py
@@ -63,6 +63,11 @@ class RenewalState(models.IntegerChoices):
         choices=RenewalState.choices, db_index=True, default=RenewalState.IMMORTAL
     )
     renewal_changed = models.DateTimeField(auto_now_add=True)
+    delegation_checked = models.DateTimeField(null=True, blank=True)
+    is_registered = models.BooleanField(null=True, blank=True)
+    has_all_nameservers = models.BooleanField(null=True, blank=True)
+    is_delegated = models.BooleanField(null=True, blank=True)
+    is_secured = models.BooleanField(null=True, blank=True)
 
     _keys = None
     objects = DomainManager()
diff --git a/api/desecapi/models/users.py b/api/desecapi/models/users.py
index 025d4dac0..b37bc5e0b 100644
--- a/api/desecapi/models/users.py
+++ b/api/desecapi/models/users.py
@@ -33,6 +33,10 @@ class User(ExportModelOperationsMixin("User"), AbstractBaseUser):
     def _limit_domains_default():
         return settings.LIMIT_USER_DOMAIN_COUNT_DEFAULT
 
+    @staticmethod
+    def _limit_insecure_domains_default():
+        return settings.LIMIT_USER_INSECURE_DOMAIN_COUNT_DEFAULT
+
     id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
     email = models.EmailField(
         verbose_name="email address",
@@ -47,6 +51,9 @@ def _limit_domains_default():
     limit_domains = models.PositiveIntegerField(
         default=_limit_domains_default.__func__, null=True, blank=True
     )
+    limit_insecure_domains = models.PositiveIntegerField(
+        default=_limit_insecure_domains_default.__func__, null=True, blank=True
+    )
     needs_captcha = models.BooleanField(default=True)
     outreach_preference = models.BooleanField(default=True)
     throttle_daily_rate = models.PositiveIntegerField(null=True)
diff --git a/api/desecapi/permissions.py b/api/desecapi/permissions.py
index 4d80c888b..fe58c1391 100644
--- a/api/desecapi/permissions.py
+++ b/api/desecapi/permissions.py
@@ -1,5 +1,6 @@
 from ipaddress import IPv4Address, IPv4Network
 
+from django.conf import settings
 from rest_framework import permissions
 
 from desecapi.models import RRset
@@ -175,3 +176,24 @@ def has_permission(self, request, view):
             request.user.limit_domains is None
             or request.user.domains.count() < request.user.limit_domains
         )
+
+
+class WithinInsecureDelegatedDomainLimit(permissions.BasePermission):
+    """
+    Permission that limits the number of domains delegated without DNSSEC.
+    """
+
+    message = (
+        "Insecure delegation limit exceeded. Please secure an existing domain with DNSSEC before creating more domains."
+    )
+
+    def has_permission(self, request, view):
+        limit = request.user.limit_insecure_domains
+        if limit is None:
+            return True
+        if limit == 0:
+            return False
+        insecure_count = request.user.domains.filter(
+            is_registered=True, is_delegated=True
+        ).exclude(is_secured=True).count()
+        return insecure_count < limit
diff --git a/api/desecapi/serializers/domains.py b/api/desecapi/serializers/domains.py
index 49c518fc2..5638ce93f 100644
--- a/api/desecapi/serializers/domains.py
+++ b/api/desecapi/serializers/domains.py
@@ -1,6 +1,7 @@
 import dns.name
 import dns.zone
 from django.conf import settings
+from django.utils import timezone
 from rest_framework import serializers
 
 from desecapi.models import Domain, RR_SET_TYPES_AUTOMATIC
@@ -20,6 +21,11 @@ class Meta:
         model = Domain
         fields = (
             "created",
+            "delegation_checked",
+            "has_all_nameservers",
+            "is_delegated",
+            "is_registered",
+            "is_secured",
             "published",
             "name",
             "keys",
@@ -28,6 +34,11 @@ class Meta:
             "zonefile",
         )
         read_only_fields = (
+            "delegation_checked",
+            "has_all_nameservers",
+            "is_delegated",
+            "is_registered",
+            "is_secured",
             "published",
             "minimum_ttl",
         )
@@ -100,6 +111,21 @@ def validate(self, attrs):
     def create(self, validated_data):
         # save domain
         domain: Domain = super().create(validated_data)
+        if domain.is_locally_registrable:
+            domain.delegation_checked = timezone.now()
+            domain.is_registered = True
+            domain.has_all_nameservers = True
+            domain.is_delegated = True
+            domain.is_secured = True
+            domain.save(
+                update_fields=[
+                    "delegation_checked",
+                    "is_registered",
+                    "has_all_nameservers",
+                    "is_delegated",
+                    "is_secured",
+                ]
+            )
 
         # save RRsets if zonefile was given
         nodes = getattr(self.import_zone, "nodes", None)
diff --git a/api/desecapi/serializers/users.py b/api/desecapi/serializers/users.py
index 05ebb8d00..88e7ba2ad 100644
--- a/api/desecapi/serializers/users.py
+++ b/api/desecapi/serializers/users.py
@@ -31,6 +31,7 @@ class ResetPasswordSerializer(EmailSerializer):
 
 class UserSerializer(serializers.ModelSerializer):
     domains_under_management = serializers.SerializerMethodField()
+    insecure_delegated_domains = serializers.SerializerMethodField()
 
     class Meta:
         model = User
@@ -40,6 +41,8 @@ class Meta:
             "email",
             "id",
             "limit_domains",
+            "limit_insecure_domains",
+            "insecure_delegated_domains",
             "outreach_preference",
         )
         read_only_fields = (
@@ -48,6 +51,8 @@ class Meta:
             "email",
             "id",
             "limit_domains",
+            "limit_insecure_domains",
+            "insecure_delegated_domains",
         )
 
     def get_domains_under_management(self, obj):
@@ -60,6 +65,11 @@ def get_domains_under_management(self, obj):
             .count()
         )
 
+    def get_insecure_delegated_domains(self, obj):
+        return obj.domains.filter(is_registered=True, is_delegated=True).exclude(
+            is_secured=True
+        ).count()
+
     def validate_password(self, value):
         if value is not None:
             validate_password(value)
diff --git a/api/desecapi/tests/test_domains.py b/api/desecapi/tests/test_domains.py
index ed54d0a34..46d4e420a 100644
--- a/api/desecapi/tests/test_domains.py
+++ b/api/desecapi/tests/test_domains.py
@@ -1,9 +1,11 @@
 from contextlib import nullcontext
+from unittest.mock import Mock, patch
 
 from django.conf import settings
 from django.core import mail
 from django.core.exceptions import ValidationError
 from django.test import override_settings
+from django.utils import timezone
 from rest_framework import status
 
 from desecapi.models import Domain
@@ -232,6 +234,19 @@ def test_name_validity(self):
                 Domain(owner=self.owner, name=name).save()
 
     def test_list_domains(self):
+        self.my_domain.is_registered = True
+        self.my_domain.is_delegated = True
+        self.my_domain.has_all_nameservers = True
+        self.my_domain.is_secured = False
+        self.my_domain.save(
+            update_fields=[
+                "is_registered",
+                "is_delegated",
+                "has_all_nameservers",
+                "is_secured",
+            ]
+        )
+
         response = self.client.get(self.reverse("v1:domain-list"))
         self.assertStatus(response, status.HTTP_200_OK)
         self.assertEqual(len(response.data), self.NUM_OWNED_DOMAINS)
@@ -240,6 +255,50 @@ def test_list_domains(self):
         expected_set = {domain.name for domain in self.my_domains}
         self.assertEqual(response_set, expected_set)
         self.assertFalse(any("keys" in data for data in response.data))
+        for data in response.data:
+            for field in (
+                "delegation_checked",
+                "is_registered",
+                "has_all_nameservers",
+                "is_delegated",
+                "is_secured",
+            ):
+                self.assertIn(field, data)
+
+        my_domain_data = next(
+            entry for entry in response.data if entry["name"] == self.my_domain.name
+        )
+        self.assertTrue(my_domain_data["is_registered"])
+        self.assertTrue(my_domain_data["is_delegated"])
+        self.assertTrue(my_domain_data["has_all_nameservers"])
+        self.assertFalse(my_domain_data["is_secured"])
+
+    def test_delegation_check_endpoint(self):
+        url = (
+            self.reverse("v1:domain-detail", name=self.my_domain.name)
+            + "delegation-check/"
+        )
+        now = timezone.now()
+        update = {
+            "id": self.my_domain.id,
+            "delegation_checked": now,
+            "is_registered": True,
+            "has_all_nameservers": True,
+            "is_delegated": True,
+            "is_secured": True,
+        }
+        checker = Mock()
+        checker.check_domain.return_value = update
+        with patch("desecapi.views.domains.DelegationChecker", return_value=checker):
+            response = self.client.post(url)
+        self.assertStatus(response, status.HTTP_200_OK)
+        self.my_domain.refresh_from_db()
+        self.assertTrue(self.my_domain.is_registered)
+        self.assertTrue(self.my_domain.has_all_nameservers)
+        self.assertTrue(self.my_domain.is_delegated)
+        self.assertTrue(self.my_domain.is_secured)
+        self.assertIsNotNone(self.my_domain.delegation_checked)
+        self.assertEqual(response.data["is_registered"], True)
 
     def test_list_domains_owns_qname(self):
         # Domains outside this account or non-existent
@@ -930,17 +989,38 @@ def test_create_auto_delegated_domains(self):
             self.assertTrue(domain.is_locally_registrable)
             self.assertEqual(domain.renewal_state, Domain.RenewalState.FRESH)
 
-    def test_domain_limit(self):
+    def test_create_many_local_public_suffix_domains(self):
         url = self.reverse("v1:domain-list")
-        user_quota = settings.LIMIT_USER_DOMAIN_COUNT_DEFAULT - self.NUM_OWNED_DOMAINS
+        self.owner.limit_domains = self.NUM_OWNED_DOMAINS + 5
+        self.owner.limit_insecure_domains = 1
+        self.owner.save(update_fields=["limit_domains", "limit_insecure_domains"])
 
-        for i in range(user_quota):
-            name = self.random_domain_name(self.AUTO_DELEGATION_DOMAINS)
+        suffix = next(iter(self.AUTO_DELEGATION_DOMAINS))
+        created = []
+        for _ in range(5):
+            name = self.random_domain_name(suffix)
             with self.assertRequests(
-                self.requests_desec_domain_creation_auto_delegation(name)
+                self.requests_desec_domain_creation_auto_delegation(name=name)
             ):
                 response = self.client.post(url, {"name": name})
                 self.assertStatus(response, status.HTTP_201_CREATED)
+            created.append(name)
+
+        for name in created:
+            domain = Domain.objects.get(name=name)
+            self.assertTrue(domain.is_locally_registrable)
+            self.assertTrue(domain.is_secured)
+            self.assertIsNotNone(domain.delegation_checked)
+
+    def test_domain_limit(self):
+        url = self.reverse("v1:domain-list")
+        self.owner.limit_domains = self.NUM_OWNED_DOMAINS + 1
+        self.owner.save(update_fields=["limit_domains"])
+
+        name = self.random_domain_name(self.AUTO_DELEGATION_DOMAINS)
+        with self.assertRequests(self.requests_desec_domain_creation_auto_delegation(name)):
+            response = self.client.post(url, {"name": name})
+            self.assertStatus(response, status.HTTP_201_CREATED)
 
         response = self.client.post(
             url, {"name": self.random_domain_name(self.AUTO_DELEGATION_DOMAINS)}
@@ -950,6 +1030,40 @@ def test_domain_limit(self):
         )
         self.assertFalse(mail.outbox)  # do not send email
 
+    def test_insecure_delegation_limit(self):
+        url = self.reverse("v1:domain-list")
+        insecure_domain = self.my_domain
+        insecure_domain.is_registered = True
+        insecure_domain.is_delegated = True
+        insecure_domain.is_secured = False
+        insecure_domain.save(
+            update_fields=["is_registered", "is_delegated", "is_secured"]
+        )
+
+        self.owner.limit_insecure_domains = 1
+        self.owner.save(update_fields=["limit_insecure_domains"])
+        response = self.client.post(
+            url, {"name": self.random_domain_name(self.AUTO_DELEGATION_DOMAINS)}
+        )
+        self.assertContains(
+            response,
+            "Insecure delegation limit",
+            status_code=status.HTTP_403_FORBIDDEN,
+        )
+
+    def test_insecure_delegation_limit_zero(self):
+        url = self.reverse("v1:domain-list")
+        self.owner.limit_insecure_domains = 0
+        self.owner.save(update_fields=["limit_insecure_domains"])
+        response = self.client.post(
+            url, {"name": self.random_domain_name(self.AUTO_DELEGATION_DOMAINS)}
+        )
+        self.assertContains(
+            response,
+            "Insecure delegation limit",
+            status_code=status.HTTP_403_FORBIDDEN,
+        )
+
     def test_domain_minimum_ttl(self):
         url = self.reverse("v1:domain-list")
         name = self.random_domain_name(self.AUTO_DELEGATION_DOMAINS)
diff --git a/api/desecapi/tests/test_user_management.py b/api/desecapi/tests/test_user_management.py
index c432ee810..caaea1956 100644
--- a/api/desecapi/tests/test_user_management.py
+++ b/api/desecapi/tests/test_user_management.py
@@ -762,6 +762,7 @@ def test_registration_late_captcha(self):
 
     def test_registration_with_override_token(self):
         limit_domains = 15
+        limit_insecure_domains = settings.LIMIT_USER_INSECURE_DOMAIN_COUNT_DEFAULT
         token = self.create_token(owner=self.create_user(), perm_manage_tokens=True)
         self.client.credentials(HTTP_AUTHORIZATION="Token " + token.plain)
 
@@ -789,6 +790,7 @@ def test_registration_with_override_token(self):
             self.assertTrue(user.needs_captcha)
             self.assertFalse(user.outreach_preference)
             self.assertEqual(user.limit_domains, limit_domains)
+            self.assertEqual(user.limit_insecure_domains, limit_insecure_domains)
             self.assertPassword(email, None)
 
             # Check confirmation email
@@ -818,6 +820,7 @@ def test_registration_with_override_token(self):
             user.refresh_from_db()
             self.assertTrue(user.is_active)
             self.assertEqual(user.limit_domains, limit_domains)
+            self.assertEqual(user.limit_insecure_domains, limit_insecure_domains)
             self.assertFalse(user.needs_captcha)
             self.assertEqual(user.outreach_preference, outreach_preference)
             self.assertPassword(email, None)
@@ -937,6 +940,8 @@ def test_view_account(self):
                 "email",
                 "id",
                 "limit_domains",
+                "limit_insecure_domains",
+                "insecure_delegated_domains",
                 "outreach_preference",
             },
         )
@@ -947,6 +952,11 @@ def test_view_account(self):
         self.assertEqual(
             response.data["limit_domains"], settings.LIMIT_USER_DOMAIN_COUNT_DEFAULT
         )
+        self.assertEqual(
+            response.data["limit_insecure_domains"],
+            settings.LIMIT_USER_INSECURE_DOMAIN_COUNT_DEFAULT,
+        )
+        self.assertEqual(response.data["insecure_delegated_domains"], 0)
         self.assertTrue(response.data["outreach_preference"])
 
     def test_view_account_forbidden_methods(self):
@@ -965,6 +975,7 @@ def test_view_account_update(self):
             "email",
             "id",
             "limit_domains",
+            "limit_insecure_domains",
             "password",
         )
         immutable_values = [getattr(user, key) for key in immutable_fields]
@@ -979,6 +990,7 @@ def test_view_account_update(self):
                     "email": "youremailaddress@example.com",
                     "id": "9ab16e5c-805d-4ab1-9030-af3f5a541d47",
                     "limit_domains": 42,
+                    "limit_insecure_domains": 0,
                     "password": self.random_password(),
                     "outreach_preference": outreach_preference,
                 },
diff --git a/api/desecapi/urls/version_1.py b/api/desecapi/urls/version_1.py
index 3ff1af835..38f6f9b00 100644
--- a/api/desecapi/urls/version_1.py
+++ b/api/desecapi/urls/version_1.py
@@ -53,6 +53,11 @@
     path("", views.Root.as_view(), name="root"),
     # Domain and RRSet management
     path("domains/", include(domains_router.urls)),
+    path(
+        "domains/<name>/delegation-check/",
+        views.DomainViewSet.as_view({"post": "delegation_check"}),
+        name="domain-delegation-check",
+    ),
     path("domains/<name>/rrsets/", views.RRsetList.as_view(), name="rrsets"),
     path(
         "domains/<name>/rrsets/.../<type>/",
diff --git a/api/desecapi/views/domains.py b/api/desecapi/views/domains.py
index a535467ee..1fb241db1 100644
--- a/api/desecapi/views/domains.py
+++ b/api/desecapi/views/domains.py
@@ -12,6 +12,7 @@
 from rest_framework.views import APIView
 
 from desecapi import permissions
+from desecapi.delegation import DelegationChecker
 from desecapi.models import Domain
 from desecapi.pdns import get_serials
 from desecapi.pdns_change_tracker import PDNSChangeTracker
@@ -47,14 +48,19 @@ def permission_classes(self):
                 case "create":
                     ret.append(permissions.HasCreateDomainPermission)
                     ret.append(permissions.WithinDomainLimit)
+                    ret.append(permissions.WithinInsecureDelegatedDomainLimit)
                 case "destroy":
                     ret.append(permissions.HasDeleteDomainPermission)
+                case "delegation_check":
+                    pass
                 case _:
                     raise ValueError(f"Invalid action: {self.action}")
         return ret
 
     @property
     def throttle_scope(self):
+        if self.action == "delegation_check":
+            return "delegation_check"
         if self.action == "zonefile":
             self.throttle_scope_bucket = self.kwargs["name"]
             return "dns_api_per_domain_expensive"
@@ -136,6 +142,28 @@ def zonefile(self, request, name=None):
         prefix = f"; Zonefile for {instance.name} exported from desec.{settings.DESECSTACK_DOMAIN} at {datetime.now(timezone.utc)}\n".encode()
         return Response(prefix + instance.zonefile, content_type="text/dns")
 
+    @action(detail=True, methods=["post"])
+    def delegation_check(self, request, name=None):
+        instance = self.get_object()
+        checker = DelegationChecker()
+        update = checker.check_domain(instance)
+        instance.delegation_checked = update["delegation_checked"]
+        instance.is_registered = update["is_registered"]
+        instance.has_all_nameservers = update["has_all_nameservers"]
+        instance.is_delegated = update["is_delegated"]
+        instance.is_secured = update["is_secured"]
+        instance.save(
+            update_fields=[
+                "delegation_checked",
+                "is_registered",
+                "has_all_nameservers",
+                "is_delegated",
+                "is_secured",
+            ]
+        )
+        serializer = self.get_serializer(instance)
+        return Response(serializer.data)
+
 
 class SerialListView(APIView):
     permission_classes = (permissions.IsVPNClient,)
diff --git a/api/desecapi/views/tokens.py b/api/desecapi/views/tokens.py
index f03589337..2fc6179f7 100644
--- a/api/desecapi/views/tokens.py
+++ b/api/desecapi/views/tokens.py
@@ -64,6 +64,7 @@ def create(self, request, *args, **kwargs):
                 user_override = account_serializer.save(
                     is_active=None if settings.USER_ACTIVATION_REQUIRED else True,
                     limit_domains=15,
+                    limit_insecure_domains=settings.LIMIT_USER_INSECURE_DOMAIN_COUNT_DEFAULT,
                     outreach_preference=False,
                 )
                 serializers.AuthenticatedActivateUserWithOverrideTokenActionSerializer.build_and_save(
diff --git a/docker-compose.yml b/docker-compose.yml
index 696142319..8c7244194 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -131,6 +131,7 @@ services:
     - nsmaster
     - celery-email
     - memcached
+    - resolver
     tmpfs:
     - /var/local/django_metrics:size=500m
     environment:
@@ -163,6 +164,7 @@ services:
       rearapi_dbapi:
       rearapi_ns:
         ipv4_address: ${DESECSTACK_IPV4_REAR_PREFIX16}.1.10
+      rearapi_resolver:
       rearwww:
       rearmonitoring_api:
     logging:
@@ -358,6 +360,23 @@ services:
         tag: "desec/prometheus"
     restart: unless-stopped
 
+  resolver:
+    build: resolver
+    image: desec/dedyn-resolver:latest
+    init: true
+    cap_add:
+    - NET_ADMIN
+    environment:
+    - DESECSTACK_IPV4_REAR_PREFIX16
+    networks:
+      rearapi_resolver:
+        ipv4_address: ${DESECSTACK_IPV4_REAR_PREFIX16}.9.2
+    logging:
+      driver: "syslog"
+      options:
+        tag: "desec/resolver"
+    restart: unless-stopped
+
 volumes:
   dbapi_postgres:
   dblord_mysql:
@@ -403,6 +422,13 @@ networks:
       config:
       - subnet: ${DESECSTACK_IPV4_REAR_PREFIX16}.1.0/24
         gateway: ${DESECSTACK_IPV4_REAR_PREFIX16}.1.1
+  rearapi_resolver:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+      - subnet: ${DESECSTACK_IPV4_REAR_PREFIX16}.9.0/24
+        gateway: ${DESECSTACK_IPV4_REAR_PREFIX16}.9.1
   rearwww:
     driver: bridge
     ipam:
diff --git a/docs/auth/account.rst b/docs/auth/account.rst
index 718109067..2fa239d3d 100644
--- a/docs/auth/account.rst
+++ b/docs/auth/account.rst
@@ -239,6 +239,8 @@ A JSON object representing your user account will be returned::
         "email": "youremailaddress@example.com",
         "id": "9ab16e5c-805d-4ab1-9030-af3f5a541d47",
         "limit_domains": 15,
+        "limit_insecure_domains": 1,
+        "insecure_delegated_domains": 0,
         "outreach_preference": true
     }
 
@@ -271,6 +273,18 @@ Field details:
 
     Maximum number of domains the user can create.
 
+``limit_insecure_domains``
+    :Access mode: read-only
+
+    Maximum number of domains that may be delegated to deSEC without DNSSEC.
+    ``0`` means that creating new domains is not permitted.
+    ``null`` means unlimited.
+
+``insecure_delegated_domains``
+    :Access mode: read-only
+
+    Number of domains currently delegated without DNSSEC.
+
 ``outreach_preference``
     :Access mode: read, write
     :Type: boolean
diff --git a/docs/dns/domains.rst b/docs/dns/domains.rst
index e608b144e..4b00d768d 100644
--- a/docs/dns/domains.rst
+++ b/docs/dns/domains.rst
@@ -20,6 +20,11 @@ A JSON object representing a domain has the following structure::
 
     {
         "created": "2018-09-18T16:36:16.510368Z",
+        "delegation_checked": "2018-09-18T17:30:00.000000Z",
+        "has_all_nameservers": true,
+        "is_delegated": true,
+        "is_registered": true,
+        "is_secured": false,
         "keys": [
             {
                 "dnskey": "257 3 13 WFRl60...",
@@ -48,6 +53,38 @@ Field details:
     Timestamp of domain creation, in ISO 8601 format (e.g.
     ``2013-01-29T12:34:56.000000Z``).
 
+``delegation_checked``
+    :Access mode: read-only
+
+    Timestamp of the last delegation check. If no check has happened yet, this
+    field is ``null``.
+
+``has_all_nameservers``
+    :Access mode: read-only
+
+    ``true`` if the domain is delegated and all authoritative nameservers at the
+    parent match deSEC. ``false`` indicates a partial delegation. ``null`` if no
+    delegation information is available.
+
+``is_delegated``
+    :Access mode: read-only
+
+    ``true`` if the domain is delegated to deSEC, ``false`` if only partially,
+    ``null`` if delegation does not point to deSEC at all.
+
+``is_registered``
+    :Access mode: read-only
+
+    ``true`` if the domain exists in the public DNS, ``false`` if it is not
+    visible (yet), ``null`` if no check has been performed.
+
+``is_secured``
+    :Access mode: read-only
+
+    ``true`` if DNSSEC is correctly configured and matches deSEC's keys,
+    ``false`` if the DS records do not match, ``null`` if no DNSSEC data was
+    found.
+
 ``keys``
     :Access mode: read-only
 
@@ -163,6 +200,14 @@ If you have reached the maximum number of domains for your account, the API
 responds with ``403 Forbidden``.  If you find yourself affected by this limit
 although you have a legitimate use case, please contact our support.
 
+If you have reached the per-account limit for domains delegated without DNSSEC,
+the API responds with ``403 Forbidden`` when creating additional domains.
+Secure an existing domain by adding the DS records shown in the UI or API, then
+try again.
+
+If the per-account limit is set to ``0``, domain creation is disabled.
+If the limit is ``null``, there is no restriction based on DNSSEC status.
+
 Restrictions on what is a valid domain name apply.  In particular, domains
 listed on the `Public Suffix List`_ such as ``co.uk`` cannot be registered.
 (If you operate a public suffix and would like to host it with deSEC, that's
@@ -197,6 +242,33 @@ Up to 500 items are returned at a time.  If you have a larger number of
 domains configured, the use of :ref:`pagination` is required.
 
 
+Delegation Status Checks
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+deSEC periodically checks how your domain is published in the public DNS.
+The results are stored in the delegation status fields described above
+(``delegation_checked``, ``is_registered``, ``is_delegated``,
+``has_all_nameservers``, ``is_secured``).
+
+The checks use public resolvers to determine:
+
+- whether the domain exists in the public DNS (registered),
+- whether the delegation points to deSEC name servers,
+- whether DNSSEC is correctly configured for your domain.
+
+The API does not change or delete domains based on these checks. However, if
+you have at least one domain delegated to deSEC without DNSSEC, you cannot
+create additional domains until that domain is secured.
+
+If you need details about a domain's current status, request the domain via
+``GET /api/v1/domains/{name}/`` or list domains via ``GET /api/v1/domains/`` and
+inspect the delegation fields.
+
+To trigger a manual refresh for a single domain, issue a ``POST`` request to
+``/api/v1/domains/{name}/delegation-check/``. The response contains the updated
+domain object, including the delegation fields. This endpoint is rate-limited.
+
+
 Retrieving a Specific Domain
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/docs/rate-limits.rst b/docs/rate-limits.rst
index a345ecb21..1ded2b5c3 100644
--- a/docs/rate-limits.rst
+++ b/docs/rate-limits.rst
@@ -56,6 +56,8 @@ the API.  When several rates are given, all are enforced at the same time.
 |                                         |          |                                                                                           |
 |                                         | 300/day  |                                                                                           |
 +-----------------------------------------+----------+-------------------------------------------------------------------------------------------+
+| ``delegation_check``                    | 10/h     | Manual delegation check for a specific domain                                             |
++-----------------------------------------+----------+-------------------------------------------------------------------------------------------+
 | ``user``                                | 2000/day | Any activity of a) authenticated users, b) unauthenticated users (by IP)                  |
 +-----------------------------------------+----------+-------------------------------------------------------------------------------------------+
 
diff --git a/resolver/Dockerfile b/resolver/Dockerfile
new file mode 100755
index 000000000..7738f79cc
--- /dev/null
+++ b/resolver/Dockerfile
@@ -0,0 +1,11 @@
+FROM ubuntu:noble
+
+COPY ./entrypoint.sh /root/
+CMD ["/root/entrypoint.sh"]
+
+RUN apt-get update \
+    && apt-get install -y bind9-dnsutils gettext-base unbound \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+RUN cp /usr/share/dns/root.key /var/lib/unbound/root.key
+COPY conf/ /etc/unbound/unbound.conf.d/
diff --git a/resolver/conf/resolver.conf.var b/resolver/conf/resolver.conf.var
new file mode 100644
index 000000000..3eedc4b5d
--- /dev/null
+++ b/resolver/conf/resolver.conf.var
@@ -0,0 +1,19 @@
+server:
+  cache-max-ttl: 600
+  ede: yes
+  interface: 0.0.0.0@53
+  access-control: ${DESECSTACK_IPV4_REAR_PREFIX16}.0.0/16 allow
+
+  log-queries: no
+  log-replies: no
+  log-servfail: yes
+  verbosity: 1
+
+  do-daemonize: no
+
+  neg-cache-size: 4M
+  qname-minimisation: yes
+
+  deny-any: yes
+  logfile: /tmp/log
+  use-syslog: no
diff --git a/resolver/entrypoint.sh b/resolver/entrypoint.sh
new file mode 100755
index 000000000..0eba8eec0
--- /dev/null
+++ b/resolver/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+envsubst < /etc/unbound/unbound.conf.d/resolver.conf.var > /etc/unbound/unbound.conf.d/resolver.conf
+exec unbound
diff --git a/www/webapp/.gitignore b/www/webapp/.gitignore
index 46955aa0f..7e07b0286 100644
--- a/www/webapp/.gitignore
+++ b/www/webapp/.gitignore
@@ -1,5 +1,6 @@
 .DS_Store
 node_modules
+.vite
 
 /tests/e2e/videos/
 /tests/e2e/screenshots/
diff --git a/www/webapp/package.json b/www/webapp/package.json
index 11aa2b0d1..5585bc742 100644
--- a/www/webapp/package.json
+++ b/www/webapp/package.json
@@ -7,7 +7,8 @@
     "serve": "vite preview",
     "build": "vite build",
     "lint": "eslint --ignore-path .gitignore --no-fix src/**/*.{vue,js,json}",
-    "lint:fix": "eslint --ignore-path .gitignore --fix src/**/*.{vue,js,json}"
+    "lint:fix": "eslint --ignore-path .gitignore --fix src/**/*.{vue,js,json}",
+    "postinstall": "vue-demi-switch 3"
   },
   "type": "module",
   "engines": {
@@ -16,26 +17,30 @@
   "dependencies": {
     "@fontsource/roboto": "^5.0.3",
     "@mdi/js": "~7.4.47",
+    "@vuelidate/core": "^2.0.3",
+    "@vuelidate/validators": "^2.0.4",
     "axios": "^1.4.0",
     "date-fns": "^4.1.0",
     "pinia": "^2.0.30",
-    "vue": "~2.7.14",
-    "vue-router": "~3.6.5",
-    "vuelidate": "^0.7.7",
-    "vuetify": "^2.7.0"
+    "vue": "^3.4.19",
+    "vue-router": "^4.3.0",
+    "vuetify": "^3.7.5"
   },
   "devDependencies": {
     "@vitejs/plugin-legacy": "^6.0.0",
-    "@vitejs/plugin-vue2": "^2.3.3",
+    "@vitejs/plugin-vue": "^5.2.0",
     "eslint": "^8.45.0",
     "eslint-import-resolver-alias": "^1.1.2",
     "eslint-plugin-import": "^2.27.5",
     "eslint-plugin-vue": "^9.15.1",
     "eslint-plugin-vue-scoped-css": "^2.6.1",
-    "eslint-plugin-vuetify": "^1.1.0",
+    "eslint-plugin-vuetify": "^2.1.1",
     "sass": "~1.83.4",
-    "unplugin-vue-components": "^28.0.0",
     "vite": "^6.0.11",
-    "vuetify-loader": "~1.9.1"
+    "vite-plugin-vuetify": "^2.0.4",
+    "vue-demi": "^0.14.10"
+  },
+  "overrides": {
+    "vue-demi": "^0.14.10"
   }
 }
diff --git a/www/webapp/src/App.vue b/www/webapp/src/App.vue
index 4499155f6..e04680950 100644
--- a/www/webapp/src/App.vue
+++ b/www/webapp/src/App.vue
@@ -1,90 +1,91 @@
 <template>
   <v-app id="inspire">
     <v-navigation-drawer
-            v-model="drawer"
-            app
-            right
-            disable-resize-watcher
+      v-model="drawer"
+      app
+      location="right"
+      disable-resize-watcher
     >
-      <v-list dense>
+      <v-list density="compact">
         <v-list-item
-                v-for="(item, key) in menu"
-                :key="key"
-                link
-                :to="{name: item.name}"
-                :exact="true">
-          <v-list-item-action>
-            <v-icon>{{ item.icon }}</v-icon>
-          </v-list-item-action>
-          <v-list-item-content>
-            <v-list-item-title>
-              {{ item.text }}
-              <v-icon :color="item.post_icon_color" class="text--darken-2" small v-if="item.post_icon">{{ item.post_icon }}</v-icon>
-            </v-list-item-title>
-          </v-list-item-content>
+          v-for="(item, key) in menu"
+          :key="key"
+          :to="{name: item.name}"
+          :exact="true"
+        >
+          <template #prepend>
+            <v-icon :icon="item.icon" />
+          </template>
+          <v-list-item-title>
+            {{ item.text }}
+            <v-icon v-if="item.post_icon" :icon="item.post_icon" :color="item.post_icon_color" size="small" />
+          </v-list-item-title>
         </v-list-item>
       </v-list>
     </v-navigation-drawer>
 
-    <v-app-bar app class="white">
-      <v-toolbar-title><router-link :to="{name: 'home'}">
+    <v-app-bar app color="white" :extended="authenticated">
+      <v-app-bar-title><router-link :to="{name: 'home'}">
         <v-img
-                src="./assets/logo.svg"
-                alt="deSEC Logo"
-                eager
-                contain
+          src="./assets/logo.svg"
+          alt="deSEC Logo"
+          class="app-logo"
+          height="32"
+          eager
+          contain
         ></v-img>
-      </router-link></v-toolbar-title>
+      </router-link></v-app-bar-title>
       <v-spacer/>
       <div class="d-none d-md-block">
         <span class="mx-2" v-for="(item, key) in menu" :key="key">
           <router-link
-                  class="primary--text text--darken-2"
-                  :to="{name: item.name}"
+            class="text-primary"
+            :to="{name: item.name}"
           >{{ item.text }}</router-link>
-          <v-icon :color="item.post_icon_color" class="ml-1 text--darken-1" small v-if="item.post_icon">{{ item.post_icon }}</v-icon>
+          <v-icon v-if="item.post_icon" :icon="item.post_icon" :color="item.post_icon_color" class="ml-1" size="small" />
         </span>
       </div>
-      <v-btn class="mx-4" color="primary" depressed :to="{name: 'signup', query: $route.query}" v-if="!user.authenticated">Create Account</v-btn>
-      <v-btn class="mx-4 mr-0" color="primary" depressed :to="{name: 'login'}" v-if="!user.authenticated">Log In</v-btn>
-      <v-btn class="mx-4 mr-0" color="primary" depressed outlined @click="logout" v-if="user.authenticated">Log Out</v-btn>
+      <v-btn class="mx-4" color="primary" variant="flat" :to="{name: 'signup', query: $route.query}" v-if="!authenticated">Create Account</v-btn>
+      <v-btn class="mx-4 mr-0" color="primary" variant="flat" :to="{name: 'login'}" v-if="!authenticated">Log In</v-btn>
+      <v-btn class="mx-4 mr-0" color="primary" variant="outlined" @click="logout" v-if="authenticated">Log Out</v-btn>
       <v-app-bar-nav-icon class="d-md-none" @click.stop="drawer = !drawer" />
-      <template #extension v-if="user.authenticated">
-        <v-tabs background-color="primary darken-1" fixed-tabs>
-          <v-tab
-            v-for="(item, key) in tabmenu"
-            :key="key"
-            :to="{name: item.name}"
-          >
-            {{ item.text }}
-          </v-tab>
-          <v-spacer></v-spacer>
-          <v-menu
-                  bottom
-                  left
-          >
-            <template #activator="{ on }">
+      <template #extension v-if="authenticated">
+        <div class="d-flex align-center w-100 bg-primary text-white">
+          <v-tabs v-model="activeTab" class="flex-grow-1 text-white" bg-color="primary" color="white" slider-color="white" grow>
+            <v-tab
+              v-for="(item, key) in tabmenu"
+              :key="key"
+              :value="item.name"
+              :to="{name: item.name}"
+              class="text-white"
+            >
+              {{ item.text }}
+            </v-tab>
+          </v-tabs>
+          <v-menu location="bottom">
+            <template #activator="{ props }">
               <v-btn
-                      text
-                      class="align-self-center mr-4"
-                      v-on="on"
+                variant="text"
+                color="white"
+                class="align-self-center mr-4"
+                v-bind="props"
               >
                 more
-                <v-icon right>{{ mdiMenuDown }}</v-icon>
+                <v-icon :icon="mdiMenuDown" end />
               </v-btn>
             </template>
 
-            <v-list class="grey lighten-3">
+            <v-list class="bg-grey-lighten-3">
               <v-list-item
-                      v-for="(item, key) in tabmenumore"
-                      :key="key"
-                      :to="{name: item.name}"
+                v-for="(item, key) in tabmenumore"
+                :key="key"
+                :to="{name: item.name}"
               >
                 {{ item.text }}
               </v-list-item>
             </v-list>
           </v-menu>
-        </v-tabs>
+        </div>
       </template>
     </v-app-bar>
 
@@ -94,15 +95,14 @@
           <v-icon
             color="warning"
             size="36"
-          >
-            {{ alert.icon }}
-          </v-icon>
+            :icon="alert.icon"
+          />
         </template>
         {{ alert.teaser }}
         <template #actions>
           <v-btn
             color="primary"
-            depressed
+            variant="flat"
             :href="alert.href"
             v-if="alert.href"
           >
@@ -110,7 +110,7 @@
           </v-btn>
           <v-btn
             color="primary"
-            text
+            variant="text"
             @click="user.unalert(alert.id)"
           >
             Hide
@@ -127,9 +127,9 @@
       <router-view/>
     </v-main>
     <v-footer
-      class="d-flex flex-column align-stretch pa-0 white--text text--darken-1 elevation-12"
+      class="d-flex flex-column align-stretch pa-0 text-white elevation-12"
     >
-      <div class="grey darken-3 d-sm-flex flex-row justify-space-between pa-4">
+      <div class="bg-grey-darken-3 d-sm-flex flex-row justify-space-between pa-4">
         <div class="pa-2">
           <b>deSEC e.V.</b>
         </div>
@@ -141,7 +141,7 @@
           <div class="px-2"><router-link :to="{name: 'impressum'}">Legal Notice (Impressum)</router-link></div>
         </div>
       </div>
-      <div class="grey darken-4 d-md-flex flex-row justify-space-between pa-6">
+      <div class="bg-grey-darken-4 d-md-flex flex-row justify-space-between pa-6">
         <div>
           <p>{{ email }}</p>
           <p>
@@ -153,7 +153,7 @@
         <div>
           <p>
             Please <router-link :to="{name: 'donate'}">donate</router-link>!
-            <v-icon color="red" class="text--darken-2" dense>{{ mdiHeart }}</v-icon>
+            <v-icon :icon="mdiHeart" color="red" />
           </p>
           <p>
             European Bank Account:<br>
@@ -167,7 +167,7 @@
         </div>
         <div>
           <p>Vorstand</p>
-          <p class="white--text text--darken-2">
+          <p class="text-white">
             Nils Wisiol<br/>
             Peter Thomassen<br/>
             Wolfgang Studier<br/>
@@ -196,38 +196,10 @@ import {
 
 export default {
   name: 'App',
-  data: () => ({
-    user: useUserStore(),
-    drawer: false,
-    email: import.meta.env.VITE_APP_EMAIL,
-    mdiHeart,
-    mdiMenuDown,
-    tabmenu: {
-      'domains': {
-        'name': 'domains',
-        'text': 'Domain Management',
-      },
-      'tokens': {
-        'name': 'tokens',
-        'text': 'Token Management',
-      },
-    },
-    tabmenumore: {
-      'totp': {
-        'name': 'totp',
-        'text': 'Manage 2-Factor Authentication',
-      },
-      'change-email': {
-        'name': 'change-email',
-        'text': 'Change Email Address',
-      },
-      'delete-account': {
-        'name': 'delete-account',
-        'text': 'Delete Account',
-      },
-    },
-  }),
   computed: {
+    authenticated() {
+      return this.user?.authenticated;
+    },
     menu: () => {
       const user = useUserStore();
       const menu_perma = {
@@ -277,6 +249,46 @@ export default {
       return {...menu_perma, ...menu_opt};
     },
   },
+  data: () => ({
+    user: useUserStore(),
+    drawer: false,
+    email: import.meta.env.VITE_APP_EMAIL,
+    activeTab: null,
+    mdiHeart,
+    mdiMenuDown,
+    tabmenu: {
+      'domains': {
+        'name': 'domains',
+        'text': 'Domain Management',
+      },
+      'tokens': {
+        'name': 'tokens',
+        'text': 'Token Management',
+      },
+    },
+    tabmenumore: {
+      'totp': {
+        'name': 'totp',
+        'text': 'Manage 2-Factor Authentication',
+      },
+      'change-email': {
+        'name': 'change-email',
+        'text': 'Change Email Address',
+      },
+      'delete-account': {
+        'name': 'delete-account',
+        'text': 'Delete Account',
+      },
+    },
+  }),
+  watch: {
+    $route: {
+      immediate: true,
+      handler(to) {
+        this.activeTab = to?.name ?? null;
+      },
+    },
+  },
   methods: {
     async logout() {
       await logout();
@@ -285,3 +297,21 @@ export default {
   }
 }
 </script>
+
+<style>
+.v-application a {
+  color: rgb(var(--v-theme-primary));
+  text-decoration: none;
+}
+.v-application a:hover,
+.v-application a:focus {
+  text-decoration: underline;
+}
+.v-application .bg-grey-darken-3 a,
+.v-application .bg-grey-darken-4 a {
+  color: rgb(var(--v-theme-secondary));
+}
+.app-logo {
+  width: auto;
+}
+</style>
diff --git a/www/webapp/src/components/ActivateAccountActionHandler.vue b/www/webapp/src/components/ActivateAccountActionHandler.vue
index f4bdba18f..2688fe66c 100644
--- a/www/webapp/src/components/ActivateAccountActionHandler.vue
+++ b/www/webapp/src/components/ActivateAccountActionHandler.vue
@@ -6,24 +6,23 @@
             tabindex="1"
             ref="captchaField"
         />
-        <v-layout class="justify-center">
+        <v-row class="justify-center">
           <v-checkbox
                 v-model="terms"
                 hide-details="auto"
-                type="checkbox"
                 :rules="terms_rules"
                 tabindex="2"
           >
             <template #label>
-              <v-flex>
+              <v-col>
                 Yes, I agree to the <span @click.stop><router-link :to="{name: 'terms'}" target="_blank">Terms of Use</router-link></span> and
                 <span @click.stop><router-link :to="{name: 'privacy-policy'}" target="_blank">Privacy Policy</router-link></span>.
-              </v-flex>
+              </v-col>
             </template>
           </v-checkbox>
-        </v-layout>
+        </v-row>
         <v-btn
-                depressed
+                variant="flat"
                 class="mt-4"
                 color="primary"
                 type="submit"
diff --git a/www/webapp/src/components/ActivateAccountWithOverrideTokenActionHandler.vue b/www/webapp/src/components/ActivateAccountWithOverrideTokenActionHandler.vue
index b89ba0291..d24db5129 100644
--- a/www/webapp/src/components/ActivateAccountWithOverrideTokenActionHandler.vue
+++ b/www/webapp/src/components/ActivateAccountWithOverrideTokenActionHandler.vue
@@ -24,39 +24,37 @@
             tabindex="1"
             ref="captchaField"
         />
-        <v-layout class="justify-center">
+        <v-row class="justify-center">
           <v-checkbox
                 v-model="payload.outreach_preference"
                 hide-details
-                type="checkbox"
                 tabindex="2"
           >
             <template #label>
-              <v-flex>
+              <v-col>
                 Tell me about deSEC developments. No ads. <small>(recommended)</small>
-              </v-flex>
+              </v-col>
             </template>
           </v-checkbox>
-        </v-layout>
+        </v-row>
 
-        <v-layout class="justify-center">
+        <v-row class="justify-center">
           <v-checkbox
                 v-model="terms"
                 hide-details="auto"
-                type="checkbox"
                 :rules="terms_rules"
                 tabindex="3"
           >
             <template #label>
-              <v-flex>
+              <v-col>
                 Yes, I agree to the <span @click.stop><router-link :to="{name: 'terms'}" target="_blank">Terms of Use</router-link></span> and
                 <span @click.stop><router-link :to="{name: 'privacy-policy'}" target="_blank">Privacy Policy</router-link></span>.
-              </v-flex>
+              </v-col>
             </template>
           </v-checkbox>
-        </v-layout>
+        </v-row>
         <v-btn
-                depressed
+                variant="flat"
                 class="mt-4"
                 color="primary"
                 type="submit"
diff --git a/www/webapp/src/components/CreateTOTPActionHandler.vue b/www/webapp/src/components/CreateTOTPActionHandler.vue
index 80913bd70..c62e34c49 100644
--- a/www/webapp/src/components/CreateTOTPActionHandler.vue
+++ b/www/webapp/src/components/CreateTOTPActionHandler.vue
@@ -10,11 +10,8 @@
     watch: {
       success(value) {
         if(value) {
-          let params = {
-            data: this.response.data,
-            name: this.response.data.name,
-          };
-          this.$router.push({ name: 'TOTPVerify', params: params});
+          sessionStorage.setItem('totpVerifyData', JSON.stringify(this.response.data));
+          this.$router.push({ name: 'TOTPVerify', query: { name: this.response.data.name }});
         }
       }
     }
diff --git a/www/webapp/src/components/DonateDirectDebitForm.vue b/www/webapp/src/components/DonateDirectDebitForm.vue
index 5335807b1..7715b3133 100644
--- a/www/webapp/src/components/DonateDirectDebitForm.vue
+++ b/www/webapp/src/components/DonateDirectDebitForm.vue
@@ -17,7 +17,7 @@
         may be the name appearing on your bank statement.
       </p>
       <p>Again, thank you so much.</p>
-      <v-btn depressed outlined block :to="{name: 'home'}">Done</v-btn>
+      <v-btn variant="outlined" block :to="{name: 'home'}">Done</v-btn>
     </v-alert>
     <v-form
         v-if="!done"
@@ -40,8 +40,8 @@
       <v-text-field
               v-model="name"
               label="Full Name of the Account Holder"
-              :prepend-icon="mdiAccount"
-              outlined
+              :prepend-inner-icon="mdiAccount"
+              variant="outlined"
               required
               :rules="name_rules"
               :error-messages="name_errors"
@@ -50,8 +50,8 @@
       <v-text-field
               v-model="iban"
               label="IBAN"
-              :prepend-icon="mdiBank"
-              outlined
+              :prepend-inner-icon="mdiBank"
+              variant="outlined"
               required
               :rules="iban_rules"
               :error-messages="iban_errors"
@@ -61,8 +61,8 @@
       <v-text-field
               v-model="amount"
               label="Amount in Euros"
-              :prepend-icon="mdiCash100"
-              outlined
+              :prepend-inner-icon="mdiCash100"
+              variant="outlined"
               required
               :rules="amount_rules"
               :error-messages="amount_errors"
@@ -71,23 +71,23 @@
       <v-text-field
               v-model="message"
               label="Message (optional)"
-              :prepend-icon="mdiMessageTextOutline"
-              outlined
+              :prepend-inner-icon="mdiMessageTextOutline"
+              variant="outlined"
               validate-on-blur
       />
 
       <v-text-field
               v-model="email"
               label="Email Address (optional)"
-              :prepend-icon="mdiEmail"
-              outlined
+              :prepend-inner-icon="mdiEmail"
+              variant="outlined"
               :rules="email_rules"
               :error-messages="email_errors"
               validate-on-blur
       />
 
       <v-btn
-              depressed
+              variant="flat"
               block
               color="primary"
               type="submit"
@@ -169,7 +169,8 @@
         this.$refs.form.reset();
       },
       async donate() {
-        if (!this.$refs.form.validate()) {
+        const { valid } = await this.$refs.form.validate();
+        if (!valid) {
           return;
         }
         this.working = true;
diff --git a/www/webapp/src/components/ErrorAlert.vue b/www/webapp/src/components/ErrorAlert.vue
index 80a4c184a..a1d46d4a9 100644
--- a/www/webapp/src/components/ErrorAlert.vue
+++ b/www/webapp/src/components/ErrorAlert.vue
@@ -1,5 +1,5 @@
 <template>
-  <v-alert :value="!!(errors && errors.length)" type="error" style="overflow: auto;">
+  <v-alert :model-value="!!(errors && errors.length)" type="error" style="overflow: auto;">
     <div v-if="errors.length > 1">
       <li v-for="(error, idx) of errors" :key="idx" >
         {{ error }}
diff --git a/www/webapp/src/components/Field/DelegationStatus.vue b/www/webapp/src/components/Field/DelegationStatus.vue
new file mode 100644
index 000000000..fa808313d
--- /dev/null
+++ b/www/webapp/src/components/Field/DelegationStatus.vue
@@ -0,0 +1,117 @@
+<template>
+  <div class="delegation-status" :class="{ 'is-clickable': clickable }" @click="handleClick">
+    <v-chip
+      :color="status.color"
+      size="small"
+      variant="flat"
+      class="mb-1"
+    >
+      {{ status.label }}
+    </v-chip>
+    <div v-if="showHint" class="delegation-hint text-caption text-medium-emphasis">
+      {{ status.hint }}
+    </div>
+  </div>
+</template>
+
+<script>
+export default {
+  name: 'DelegationStatus',
+  emits: ['update:modelValue'],
+  props: {
+    modelValue: {
+      type: [String, Number, Date],
+      default: null,
+    },
+    showHint: {
+      type: Boolean,
+      default: true,
+    },
+    clickable: {
+      type: Boolean,
+      default: false,
+    },
+    item: {
+      type: Object,
+      required: true,
+    },
+  },
+  computed: {
+    status() {
+      const domain = this.item || {};
+      if (!domain.delegation_checked) {
+        return {
+          label: 'Checking',
+          color: 'grey-lighten-2',
+          hint: 'We are checking how this domain is published on the Internet.',
+        };
+      }
+      if (domain.is_registered === false) {
+        return {
+          label: 'Not visible in DNS',
+          color: 'grey-lighten-1',
+          hint: 'Your registrar has not published this domain yet.',
+        };
+      }
+      if (domain.is_delegated == null) {
+        return {
+          label: 'Not delegated to deSEC',
+          color: 'red-lighten-1',
+          hint: 'Update the nameservers at your registrar to use deSEC.',
+        };
+      }
+      if (domain.is_delegated === false) {
+        return {
+          label: 'Partially delegated',
+          color: 'orange-lighten-1',
+          hint: 'Some nameservers do not point to deSEC. Use only deSEC nameservers.',
+        };
+      }
+      if (domain.is_secured === true) {
+        return {
+          label: 'Delegation secured',
+          color: 'green-lighten-1',
+          hint: 'DNSSEC is active and correctly configured.',
+        };
+      }
+      if (domain.is_secured === false) {
+        return {
+          label: 'DNSSEC mismatch',
+          color: 'orange-lighten-1',
+          hint: 'Update the DS records at your registrar to match deSEC.',
+        };
+      }
+      return {
+        label: 'Delegated without DNSSEC',
+        color: 'orange-lighten-1',
+        hint: 'Add the DS records at your registrar to secure this domain.',
+      };
+    },
+  },
+  methods: {
+    handleClick(event) {
+      if (!this.clickable) {
+        return;
+      }
+      if (event?.stopPropagation) {
+        event.stopPropagation();
+      }
+      this.$emit('click', event);
+    },
+  },
+};
+</script>
+
+<style scoped>
+.delegation-status {
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+}
+.delegation-status.is-clickable {
+  cursor: pointer;
+}
+.delegation-hint {
+  max-width: 320px;
+}
+</style>
diff --git a/www/webapp/src/components/Field/GenericCaptcha.vue b/www/webapp/src/components/Field/GenericCaptcha.vue
index c8eb7fdc1..ca5e2e3aa 100644
--- a/www/webapp/src/components/Field/GenericCaptcha.vue
+++ b/www/webapp/src/components/Field/GenericCaptcha.vue
@@ -1,18 +1,18 @@
 <template>
   <v-row dense align="center" class="text-center">
-    <v-col cols="12" sm="">
+    <v-col cols="12">
       <v-text-field
           v-model="inputSolution"
           :label="l.inputSolution"
           :hint="kind === 'image' ? l.hintProblemWithImage : l.hintProblemWithAudio"
-          :prepend-icon="mdiAccountCheck"
+          :prepend-inner-icon="mdiAccountCheck"
           :rules="rules"
           :error-messages="errors"
           :tabindex="tabindex"
-          @input="emitChange()"
+          @update:modelValue="emitChange()"
           @change="errors=[]"
           @keydown="errors=[]"
-          outlined
+          variant="outlined"
           required
           class="uppercase"
           ref="captchaField"
@@ -39,17 +39,17 @@
       </audio>
       <br>
       <v-btn-toggle>
-        <v-btn text outlined @click="getCaptcha(true)" :aria-label="l.newCaptcha" :disabled="working">
-          <v-icon>{{ mdiRefresh }}</v-icon>
+        <v-btn variant="outlined" @click="getCaptcha(true)" :aria-label="l.newCaptcha" :disabled="working">
+          <v-icon :icon="mdiRefresh" />
         </v-btn>
       </v-btn-toggle>
       &nbsp;
       <v-btn-toggle v-model="kind">
-        <v-btn text outlined value="image" :aria-label="l.switchImage" :disabled="working">
-          <v-icon>{{ mdiEye }}</v-icon>
+        <v-btn variant="outlined" value="image" :aria-label="l.switchImage" :disabled="working">
+          <v-icon :icon="mdiEye" />
         </v-btn>
-        <v-btn text outlined value="audio" :aria-label="l.switchAudio" :disabled="working">
-          <v-icon>{{ mdiEarHearing }}</v-icon>
+        <v-btn variant="outlined" value="audio" :aria-label="l.switchAudio" :disabled="working">
+          <v-icon :icon="mdiEarHearing" />
         </v-btn>
       </v-btn-toggle>
     </v-col>
diff --git a/www/webapp/src/components/Field/GenericCheckbox.vue b/www/webapp/src/components/Field/GenericCheckbox.vue
index f086ab29e..099b757d7 100644
--- a/www/webapp/src/components/Field/GenericCheckbox.vue
+++ b/www/webapp/src/components/Field/GenericCheckbox.vue
@@ -3,10 +3,10 @@
     :label="label"
     :disabled="disabled || readonly"
     :error-messages="errorMessages"
-    :input-value="value"
+    :model-value="inputValue"
     :required="required"
     :rules="[v => !required || !!v || 'Required.']"
-    @change="change"
+    @update:modelValue="change"
   />
 </template>
 
@@ -34,14 +34,24 @@ export default {
       type: Boolean,
       default: false,
     },
+    modelValue: {
+      type: Boolean,
+      required: false,
+    },
     value: {
       type: Boolean,
-      required: true,
+      required: false,
+    },
+  },
+  computed: {
+    inputValue() {
+      return this.modelValue ?? this.value;
     },
   },
   methods: {
-    change(event) {
-      this.$emit('input', event);
+    change(value) {
+      this.$emit('update:modelValue', value);
+      this.$emit('input', value);
       this.$emit('dirty', {target: this.$el});
     },
   },
diff --git a/www/webapp/src/components/Field/GenericSwitchbox.vue b/www/webapp/src/components/Field/GenericSwitchbox.vue
index 6510bd415..3d6ee13e6 100644
--- a/www/webapp/src/components/Field/GenericSwitchbox.vue
+++ b/www/webapp/src/components/Field/GenericSwitchbox.vue
@@ -3,10 +3,10 @@
     :label="label"
     :disabled="disabled || readonly"
     :error-messages="errorMessages"
-    :input-value="value"
+    :model-value="inputValue"
     :required="required"
     :rules="[v => !required || !!v || 'Required.']"
-    @change="change"
+    @update:modelValue="change"
   />
 </template>
 
@@ -34,14 +34,24 @@ export default {
       type: Boolean,
       default: false,
     },
+    modelValue: {
+      type: Boolean,
+      required: false,
+    },
     value: {
       type: Boolean,
-      required: true,
+      required: false,
+    },
+  },
+  computed: {
+    inputValue() {
+      return this.modelValue ?? this.value;
     },
   },
   methods: {
-    change(event) {
-      this.$emit('input', event);
+    change(value) {
+      this.$emit('update:modelValue', value);
+      this.$emit('input', value);
       this.$emit('dirty', {target: this.$el});
     },
   },
diff --git a/www/webapp/src/components/Field/GenericText.vue b/www/webapp/src/components/Field/GenericText.vue
index e07cbd744..4033a0f42 100644
--- a/www/webapp/src/components/Field/GenericText.vue
+++ b/www/webapp/src/components/Field/GenericText.vue
@@ -2,18 +2,18 @@
   <v-text-field
     :label="label"
     :disabled="disabled || readonly"
+    :readonly="!!value_override"
     :error-messages="errorMessages"
-    :value="value_override ? '' : value"
+    :model-value="value_override ? '' : inputValue"
     :type="type || ''"
     :placeholder="value_override || placeholder || (required ? '' : '(optional)')"
-    :hint="hintWarning(value) !== false && hint"
-    :persistent-hint="hintWarning(value) !== false"
+    :hint="resolvedHint"
+    :persistent-hint="!!resolvedHint"
     :class="hintClass"
     :required="required"
     :rules="[v => !required || !!v || 'Required.'].concat(rules)"
-    @input="changed('input', $event)"
-    @input.native="$emit('dirty', $event)"
-    @keyup="changed('keyup', $event)"
+    @update:modelValue="updateValue"
+    @keyup="handleKeyup"
   />
 </template>
 
@@ -53,6 +53,10 @@ export default {
       type: Array,
       default: () => [],
     },
+    modelValue: {
+      type: [String, Number],
+      required: false,
+    },
     value: {
       type: [String, Number],
       required: false,
@@ -73,15 +77,28 @@ export default {
   data() { return {
     hintClass: '',
   }},
+  computed: {
+    inputValue() {
+      return this.modelValue ?? this.value;
+    },
+    resolvedHint() {
+      return this.hintWarning(this.inputValue) !== false ? (this.hint || '') : '';
+    },
+  },
   methods: {
-    changed(event, e) {
-      this.$emit(event, e);
+    updateValue(value) {
+      this.$emit('update:modelValue', value);
+      this.$emit('input', value);
+      this.$emit('dirty');
+    },
+    handleKeyup(event) {
+      this.$emit('keyup', event);
       this.$emit('dirty');
     },
   },
   watch: {
-    value: function() {
-      this.hintClass = this.hintWarning(this.value) ? 'hint-warning' : '';
+    inputValue: function() {
+      this.hintClass = this.hintWarning(this.inputValue) ? 'hint-warning' : '';
     },
   },
 };
@@ -111,4 +128,4 @@ export default {
 .hint-warning .v-messages__message {
   color: #fb8c00;
 }
-</style>
\ No newline at end of file
+</style>
diff --git a/www/webapp/src/components/Field/GenericTextarea.vue b/www/webapp/src/components/Field/GenericTextarea.vue
index 9b68bcd19..e611e10e7 100644
--- a/www/webapp/src/components/Field/GenericTextarea.vue
+++ b/www/webapp/src/components/Field/GenericTextarea.vue
@@ -3,17 +3,16 @@
     :label="label"
     :disabled="disabled || readonly"
     :error-messages="errorMessages"
-    :value="value"
+    :model-value="inputValue"
     :type="type || ''"
     :placeholder="required ? '' : '(optional)'"
     :hint="hint"
     persistent-hint
     :required="required"
     :rules="[v => !required || !!v || 'Required.'].concat(rules)"
-    @input="changed('input', $event)"
-    @input.native="$emit('dirty', $event)"
-    @keyup="changed('keyup', $event)"
-    dense
+    @update:modelValue="updateValue"
+    @keyup="handleKeyup"
+    density="compact"
     rows="8"
   />
 </template>
@@ -50,6 +49,10 @@ export default {
       type: Array,
       default: () => [],
     },
+    modelValue: {
+      type: [String, Number],
+      required: false,
+    },
     value: {
       type: [String, Number],
       required: false,
@@ -59,9 +62,19 @@ export default {
       required: false,
     },
   },
+  computed: {
+    inputValue() {
+      return this.modelValue ?? this.value;
+    },
+  },
   methods: {
-    changed(event, e) {
-      this.$emit(event, e);
+    updateValue(value) {
+      this.$emit('update:modelValue', value);
+      this.$emit('input', value);
+      this.$emit('dirty');
+    },
+    handleKeyup(event) {
+      this.$emit('keyup', event);
       this.$emit('dirty');
     },
   },
diff --git a/www/webapp/src/components/Field/RRSetType.vue b/www/webapp/src/components/Field/RRSetType.vue
index ed63b1a35..d6f172857 100644
--- a/www/webapp/src/components/Field/RRSetType.vue
+++ b/www/webapp/src/components/Field/RRSetType.vue
@@ -5,11 +5,11 @@
     :error-messages="errorMessages"
     hint="You can also enter other types. For a full list, check the documentation."
     :persistent-hint="!readonly"
-    :value="value"
+    :model-value="inputValue"
     :items="types"
     :required="required"
     :rules="[v => !required || !!v || 'Required.']"
-    @input="input($event)"
+    @update:modelValue="input"
   />
 </template>
 
@@ -37,9 +37,13 @@ export default {
       type: Boolean,
       default: false,
     },
+    modelValue: {
+      type: String,
+      required: false,
+    },
     value: {
       type: String,
-      required: true,
+      required: false,
     },
   },
   data: () => ({
@@ -60,8 +64,14 @@ export default {
       'DS',
     ],
   }),
+  computed: {
+    inputValue() {
+      return this.modelValue ?? this.value;
+    },
+  },
   methods: {
     input(event) {
+      this.$emit('update:modelValue', event);
       this.$emit('input', event);
     },
   },
diff --git a/www/webapp/src/components/Field/RecordA.vue b/www/webapp/src/components/Field/RecordA.vue
index 868ccc184..20e8ce2be 100644
--- a/www/webapp/src/components/Field/RecordA.vue
+++ b/www/webapp/src/components/Field/RecordA.vue
@@ -1,10 +1,11 @@
 <script>
-import { ipAddress } from 'vuelidate/lib/validators';
+import { ipAddress } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
 export default {
   name: 'RecordA',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     errors: {
       ipAddress: 'This field must contain an IPv4 address.',
diff --git a/www/webapp/src/components/Field/RecordAAAA.vue b/www/webapp/src/components/Field/RecordAAAA.vue
index 031775bf4..f54ad48fe 100644
--- a/www/webapp/src/components/Field/RecordAAAA.vue
+++ b/www/webapp/src/components/Field/RecordAAAA.vue
@@ -1,5 +1,5 @@
 <script>
-import { helpers } from 'vuelidate/lib/validators';
+import { helpers } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
 // from https://stackoverflow.com/a/17871737/6867099, without the '%' and '.' parts
@@ -8,6 +8,7 @@ const ip6Address = helpers.regex('ip6Address', /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-
 export default {
   name: 'RecordAAAA',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     errors: {
       ip6Address: 'This field must contain an IPv6 address.',
diff --git a/www/webapp/src/components/Field/RecordCAA.vue b/www/webapp/src/components/Field/RecordCAA.vue
index b68da1942..0b28c7167 100644
--- a/www/webapp/src/components/Field/RecordCAA.vue
+++ b/www/webapp/src/components/Field/RecordCAA.vue
@@ -1,5 +1,5 @@
 <script>
-import { integer, between } from 'vuelidate/lib/validators';
+import { integer, between } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
 const MAX8 = 255;
@@ -12,6 +12,7 @@ const tag = (value) => !value || tags.some(v => value == v);
 export default {
   name: 'RecordCAA',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     fields: [
       { label: 'Flags', validations: { integer, int8 } },
diff --git a/www/webapp/src/components/Field/RecordCNAME.vue b/www/webapp/src/components/Field/RecordCNAME.vue
index a5850069f..090497b3e 100644
--- a/www/webapp/src/components/Field/RecordCNAME.vue
+++ b/www/webapp/src/components/Field/RecordCNAME.vue
@@ -1,13 +1,22 @@
 <script>
-import { helpers } from 'vuelidate/lib/validators';
+import { helpers } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
-const domain = helpers.regex('domain', /^(([a-zA-Z0-9_\\-]+\.)+[a-zA-Z]{2,})[.]?$/);
-const trailingDot = helpers.regex('trailingDot', /[.]$/);
+const domainRegex = /^(([a-zA-Z0-9_\\-]+\.)+[a-zA-Z]{2,})[.]?$/;
+const trailingDotRegex = /[.]$/;
+const domain = helpers.withParams(
+  { type: 'domain' },
+  value => !helpers.req(value) || domainRegex.test(String(value).trim()),
+);
+const trailingDot = helpers.withParams(
+  { type: 'trailingDot' },
+  value => !helpers.req(value) || trailingDotRegex.test(String(value).trim()),
+);
 
 export default {
   name: 'RecordCNAME',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     errors: {
       domain: 'Please enter a valid domain name.',
diff --git a/www/webapp/src/components/Field/RecordDNSKEY.vue b/www/webapp/src/components/Field/RecordDNSKEY.vue
index ff80ff93a..fca7587b3 100644
--- a/www/webapp/src/components/Field/RecordDNSKEY.vue
+++ b/www/webapp/src/components/Field/RecordDNSKEY.vue
@@ -1,5 +1,5 @@
 <script>
-import { helpers, integer, between } from 'vuelidate/lib/validators';
+import { helpers, integer, between } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
 const base64 = helpers.regex('base64', /^[0-9a-zA-Z+/][0-9a-zA-Z+/\s]*(=\s*){0,3}$/);
@@ -28,6 +28,7 @@ export const dnskey_algorithm_mnemonics = {
 export default {
   name: 'RecordDNSKEY',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     fields: [
       { label: 'Flags', validations: { integer, int16 }, mnemonics: dnskey_flag_mnemonics },
diff --git a/www/webapp/src/components/Field/RecordDS.vue b/www/webapp/src/components/Field/RecordDS.vue
index 0d5bc4cc0..516e5367e 100644
--- a/www/webapp/src/components/Field/RecordDS.vue
+++ b/www/webapp/src/components/Field/RecordDS.vue
@@ -1,5 +1,5 @@
 <script>
-import { and, helpers, integer, between } from 'vuelidate/lib/validators';
+import { and, helpers, integer, between } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 import { dnskey_algorithm_mnemonics } from './RecordDNSKEY.vue';
 
@@ -22,6 +22,7 @@ const digest_types_mnemonics = {
 export default {
   name: 'RecordDS',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     fields: [
       { label: 'Key Tag', validations: { integer, int16 } },
diff --git a/www/webapp/src/components/Field/RecordItem.vue b/www/webapp/src/components/Field/RecordItem.vue
index 3261889e9..dda124778 100644
--- a/www/webapp/src/components/Field/RecordItem.vue
+++ b/www/webapp/src/components/Field/RecordItem.vue
@@ -15,12 +15,12 @@
         :disabled="disabled"
         :readonly="readonly"
         :placeholder="required && !field.optional ? ' ' : '(optional)'"
-        :hide-details="!('mnemonics' in field) && (!content.length || !($v.fields.$each[index].$invalid || $v.fields[index].$invalid))"
-        :error="$v.fields.$each[index].$invalid || $v.fields[index].$invalid"
+        :hide-details="!('mnemonics' in field) && !fieldInvalid(index)"
+        :error="fieldInvalid(index)"
         :error-messages="fieldErrorMessages(index)"
-        :append-icon="index == fields.length-1 && !readonly && !disabled ? appendIcon : ''"
-        @click:append="$emit('remove', $event)"
-        @input="inputHandler()"
+        :append-inner-icon="index == fields.length-1 && !readonly && !disabled ? appendIcon : ''"
+        @click:append-inner="$emit('remove', $event)"
+        @update:modelValue="inputHandler()"
         @paste.prevent="pasteHandler($event)"
         @keydown="keydownHandler(index, $event)"
         @keyup="(e) => $emit('keyup', e)"
@@ -31,10 +31,14 @@
 </template>
 
 <script>
-import { requiredUnless } from 'vuelidate/lib/validators';
+import { useVuelidate } from '@vuelidate/core';
+import { helpers, requiredUnless } from '@vuelidate/validators';
 
 export default {
   name: 'RecordItem',
+  setup() {
+    return { v$: useVuelidate(null, null, { $autoDirty: true }) };
+  },
   props: {
     content: {
       type: String,
@@ -87,8 +91,8 @@ export default {
   beforeMount() {
     // Initialize per-field value storage
     this.fields.forEach((field, /*i*/) => {
-      this.$set(field, 'value', '');
-      this.$set(field, 'hint', '');
+      field.value = '';
+      field.hint = '';
     });
   },
   mounted() {
@@ -145,17 +149,28 @@ export default {
     this.update(this.content);
   },
   validations() {
+    const withMessages = (validators) => {
+      if (!validators) {
+        return {};
+      }
+      return Object.entries(validators).reduce((acc, [name, validator]) => {
+        const message = this.errors?.[name];
+        acc[name] = message ? helpers.withMessage(message, validator) : validator;
+        return acc;
+      }, {});
+    };
+
     const validations = {
       fields: {
         $each: {
-          value: this.required ? { required: requiredUnless('optional') } : {},
+          value: this.required ? withMessages({ required: requiredUnless('optional') }) : {},
         },
       },
     };
 
     validations.fields = this.fields.reduce(
       (acc, field, index) => {
-        acc[index] = { value: field.validations };
+        acc[index] = { value: withMessages(field.validations) };
         return acc;
       },
       validations.fields,
@@ -164,17 +179,36 @@ export default {
     return validations;
   },
   methods: {
+    fieldInvalid(index) {
+      const valueState = this.v$?.fields?.[index]?.value || this.v$?.fields?.$each?.[index]?.value;
+      return !!valueState?.$invalid;
+    },
     fieldErrorMessages(index) {
-      const fieldValidationStatus = (fields, index) => Object.keys(fields[index].value.$params).map(
-        name => ({ passed: fields[index].value[name], message: this.errors[name] }),
-      );
-
-      const validationStatus = [
-        ...fieldValidationStatus(this.$v.fields, index),
-        ...fieldValidationStatus(this.$v.fields.$each, index),
-      ];
-
-      return validationStatus.filter(val => !val.passed).map(val => val.message || 'Invalid input.');
+      const valueState = this.v$?.fields?.[index]?.value || this.v$?.fields?.$each?.[index]?.value;
+      if (!valueState) {
+        return [];
+      }
+      if (Array.isArray(valueState.$errors) && valueState.$errors.length) {
+        const resolveMessage = (err) => {
+          const message = err.$message;
+          if (typeof message === 'function') {
+            return message();
+          }
+          if (message && typeof message === 'object' && 'value' in message) {
+            return message.value;
+          }
+          if (message) {
+            return message;
+          }
+          const key = err.$validator || err.$params?.type || err.$params?.name;
+          return this.errors?.[key] || 'Invalid input.';
+        };
+        return valueState.$errors.map(resolveMessage);
+      }
+      if (valueState.$invalid) {
+        return ['Invalid input.'];
+      }
+      return [];
     },
     focus() {
       this.$refs.input[0].focus();
@@ -207,12 +241,15 @@ export default {
       }
     },
     positionAfterDelimiter(index) {
-      const ref = this.$refs.input[index].$refs.input;
+      const ref = this.getInputEl(index);
+      if (!ref) {
+        return false;
+      }
       return index > 0 && ref.selectionStart === 0 && ref.selectionEnd === 0;
     },
     positionBeforeDelimiter(index) {
-      return index < this.fields.length - 1
-        && this.$refs.input[index].$refs.input.selectionStart === this.fields[index].value.length;
+      const ref = this.getInputEl(index);
+      return index < this.fields.length - 1 && ref && ref.selectionStart === this.fields[index].value.length;
     },
     keydownHandler(index, event) {
       switch (event.key) {
@@ -301,6 +338,8 @@ export default {
       this.setPosition(0);
     },
     inputHandler() {
+      this.$emit('dirty');
+      this.v$?.$touch();
       const pos = this.getPosition();
       const value = this.fields.map(field => field.value).join(' ');
       this.update(value, pos);
@@ -335,31 +374,50 @@ export default {
         i++;
       }
 
-      this.$refs.input[i].$refs.input.focus();
+      const input = this.getInputEl(i);
+      if (!input) {
+        return;
+      }
+      input.focus();
       await this.$nextTick();
-      this.$refs.input[i].$refs.input.setSelectionRange(pos, pos);
+      input.setSelectionRange(pos, pos);
     },
     async select(i) {
       await this.$nextTick();
-      this.$refs.input[i].$refs.input.focus();
+      const input = this.getInputEl(i);
+      if (!input) {
+        return;
+      }
+      input.focus();
       await this.$nextTick();
-      this.$refs.input[i].$refs.input.select();  // for some reason this doesn't seem to work
+      input.select();  // for some reason this doesn't seem to work
       //console.log(this.$refs.input[i].$refs.input.selectionStart, this.$refs.input[i].$refs.input.selectionEnd);
       //window.setTimeout(() => console.log(this.$refs.input[i].$refs.input.selectionStart, this.$refs.input[i].$refs.input.selectionEnd), 1000);
     },
     getPosition() {
       const refs = this.$refs.input;
-      const dirty = refs.findIndex(ref => ref.$refs.input === document.activeElement);
-      let selectionStart = refs[dirty].$refs.input.selectionStart;
+      const dirty = refs.findIndex((ref, index) => this.getInputEl(index) === document.activeElement);
+      let selectionStart = this.getInputEl(dirty).selectionStart;
       for (let i = 0; i < dirty; i++) {
-        selectionStart += refs[i].$refs.input.value.length + 1;
+        selectionStart += this.getInputEl(i).value.length + 1;
       }
       return selectionStart;
     },
     getSelectionWidth() {
       const refs = this.$refs.input;
-      const dirty = refs.findIndex(ref => ref.$refs.input === document.activeElement);
-      return refs[dirty].$refs.input.selectionEnd - refs[dirty].$refs.input.selectionStart;
+      const dirty = refs.findIndex((ref, index) => this.getInputEl(index) === document.activeElement);
+      const input = this.getInputEl(dirty);
+      return input.selectionEnd - input.selectionStart;
+    },
+    getInputEl(index) {
+      const field = this.$refs.input[index];
+      if (!field) {
+        return null;
+      }
+      if (field.$refs && field.$refs.input) {
+        return field.$refs.input;
+      }
+      return field.$el.querySelector('input');
     },
     updateFields() {
       let values = this.value.split(' ');
@@ -368,7 +426,7 @@ export default {
       values = values.concat([last]);
       // Make sure to reset trailing fields if value does not have enough spaces
       this.fields.forEach((foo, i) => {
-        this.$set(this.fields[i], 'value', values[i] || '');
+        this.fields[i].value = values[i] || '';
         const el = this.$refs.input[i].$el.parentNode;
         let mirror;
         mirror = el.getElementsByClassName("mirror-label")[0];
diff --git a/www/webapp/src/components/Field/RecordList.vue b/www/webapp/src/components/Field/RecordList.vue
index b2bf316a8..e9299ead7 100644
--- a/www/webapp/src/components/Field/RecordList.vue
+++ b/www/webapp/src/components/Field/RecordList.vue
@@ -4,18 +4,18 @@
       <table style="border-spacing: 0; width: 100%" @keydown="keydownHandler($event)" @paste.prevent="pasteHandler($event)">
         <component
                 :is="getRecordComponentName(type)"
-                v-for="(item, index) in value"
+                v-for="(item, index) in inputValue"
                 :key="index"
                 :content="item"
                 :error-messages="errorMessages[index] ? errorMessages[index].content : []"
                 :hide-label="index > 0"
-                :append-icon="value.length > 1 ? mdiClose : ''"
+                :append-icon="inputValue.length > 1 ? mdiClose : ''"
                 :disabled="disabled"
                 :readonly="readonly"
                 :required="required"
                 ref="inputFields"
-                @update:content="$set(value, index, $event)"
-                @input.native="$emit('dirty', $event)"
+                @update:content="updateContent(index, $event)"
+                @dirty="$emit('dirty', $event)"
                 @remove="(e) => removeHandler(index, e)"
                 @keyup="(e) => $emit('keyup', e)"
         />
@@ -25,10 +25,10 @@
             @click="addHandler"
             class="px-0 text-none"
             color="grey"
-            small
-            text
+            size="small"
+            variant="text"
             v-if="!readonly && !disabled"
-    ><v-icon>{{ mdiPlus }}</v-icon> add another value</v-btn>
+    ><v-icon :icon="mdiPlus" /> add another value</v-btn>
   </div>
 </template>
 
@@ -96,6 +96,10 @@ export default {
       type: Boolean,
       default: true,
     },
+    modelValue: {
+      type: Array,
+      default: undefined,
+    },
     value: {
       type: Array,
       default: () => [],
@@ -134,20 +138,33 @@ export default {
       ],
       addHandler: ($event) => {
         self.$emit('dirty', $event);
-        let value = [].concat(this.value);
+        let value = [].concat(this.inputValue);
         value.push('')
+        self.$emit('update:modelValue', value);
         self.$emit('input', value);
         self.$nextTick(() => self.$refs.inputFields[self.$refs.inputFields.length - 1].focus());
       },
       removeHandler: (index, $event) => {
         self.$emit('dirty', $event);
-        let value = [].concat(this.value);
+        let value = [].concat(this.inputValue);
         value.splice(index, 1);
+        self.$emit('update:modelValue', value);
         self.$emit('input', value);
       },
     }
   },
+  computed: {
+    inputValue() {
+      return this.modelValue ?? this.value;
+    },
+  },
   methods: {
+    updateContent(index, value) {
+      const updated = [].concat(this.inputValue);
+      updated.splice(index, 1, value);
+      this.$emit('update:modelValue', updated);
+      this.$emit('input', updated);
+    },
     keydownHandler(e) {
       let offset;
       switch (e.key) {
@@ -186,12 +203,13 @@ export default {
       const n = Math.min((lines[lines.length - 1].match(/ /g) || []).length, this.$refs.inputFields[0].fields.length - 1 - nBeforeCaret);
 
       let value = [].concat(
-          this.value.slice(0, index),
+          this.inputValue.slice(0, index),
           [index_value.slice(0, selectionStart) + lines[0]],
           lines.slice(1, -1),
           [lines[lines.length - 1] + index_value.slice(selectionEnd).replace(new RegExp(` {0,${n}}$`,'g'), '')],
-          this.value.slice(index + 1)
+          this.inputValue.slice(index + 1)
       );
+      this.$emit('update:modelValue', value);
       this.$emit('input', value);
       this.$nextTick(() => this.$refs.inputFields[index + lines.length - 1].setPosition(lines[lines.length - 1].length));
     },
diff --git a/www/webapp/src/components/Field/RecordMX.vue b/www/webapp/src/components/Field/RecordMX.vue
index e6f166af6..e23b4dfda 100644
--- a/www/webapp/src/components/Field/RecordMX.vue
+++ b/www/webapp/src/components/Field/RecordMX.vue
@@ -1,9 +1,17 @@
 <script>
-import { helpers, integer, between } from 'vuelidate/lib/validators';
+import { helpers, integer, between } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
-const hostname = helpers.regex('hostname', /^((([a-zA-Z0-9-]+\.?)+)|\.)$/);
-const trailingDot = helpers.regex('trailingDot', /[.]$/);
+const hostnameRegex = /^((([a-zA-Z0-9-]+\.?)+)|\.)$/;
+const trailingDotRegex = /[.]$/;
+const hostname = helpers.withParams(
+  { type: 'hostname' },
+  value => !helpers.req(value) || hostnameRegex.test(String(value).trim()),
+);
+const trailingDot = helpers.withParams(
+  { type: 'trailingDot' },
+  value => !helpers.req(value) || trailingDotRegex.test(String(value).trim()),
+);
 
 const MAX16 = 65535;
 const int16 = between(0, MAX16);
@@ -11,6 +19,7 @@ const int16 = between(0, MAX16);
 export default {
   name: 'RecordMX',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     fields: [
       {
diff --git a/www/webapp/src/components/Field/RecordNS.vue b/www/webapp/src/components/Field/RecordNS.vue
index ad26aa688..d8722d6b2 100644
--- a/www/webapp/src/components/Field/RecordNS.vue
+++ b/www/webapp/src/components/Field/RecordNS.vue
@@ -1,13 +1,22 @@
 <script>
-import { helpers } from 'vuelidate/lib/validators';
+import { helpers } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
-const hostname = helpers.regex('hostname', /^((([a-zA-Z0-9-]+\.?)+)|\.)$/);
-const trailingDot = helpers.regex('trailingDot', /[.]$/);
+const hostnameRegex = /^((([a-zA-Z0-9-]+\.?)+)|\.)$/;
+const trailingDotRegex = /[.]$/;
+const hostname = helpers.withParams(
+  { type: 'hostname' },
+  value => !helpers.req(value) || hostnameRegex.test(String(value).trim()),
+);
+const trailingDot = helpers.withParams(
+  { type: 'trailingDot' },
+  value => !helpers.req(value) || trailingDotRegex.test(String(value).trim()),
+);
 
 export default {
   name: 'RecordNS',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     fields: [
       {
diff --git a/www/webapp/src/components/Field/RecordOPENPGPKEY.vue b/www/webapp/src/components/Field/RecordOPENPGPKEY.vue
index caa4f70db..84f83f165 100644
--- a/www/webapp/src/components/Field/RecordOPENPGPKEY.vue
+++ b/www/webapp/src/components/Field/RecordOPENPGPKEY.vue
@@ -1,5 +1,5 @@
 <script>
-import { helpers } from 'vuelidate/lib/validators';
+import { helpers } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
 const base64 = helpers.regex('base64', /^[0-9a-zA-Z+/][0-9a-zA-Z+/\s]*(=\s*){0,3}$/);
@@ -7,6 +7,7 @@ const base64 = helpers.regex('base64', /^[0-9a-zA-Z+/][0-9a-zA-Z+/\s]*(=\s*){0,3
 export default {
   name: 'RecordOPENPGPKEY',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     fields: [
       { label: 'Public Key', validations: { base64 } },
diff --git a/www/webapp/src/components/Field/RecordSRV.vue b/www/webapp/src/components/Field/RecordSRV.vue
index 9cc052acf..c6af517d1 100644
--- a/www/webapp/src/components/Field/RecordSRV.vue
+++ b/www/webapp/src/components/Field/RecordSRV.vue
@@ -1,10 +1,18 @@
 <script>
-import { helpers, integer, between } from 'vuelidate/lib/validators';
+import { helpers, integer, between } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
 // Allow for root label only, see RFC 2052
-const hostname = helpers.regex('hostname', /^(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,})?[.]?$/);
-const trailingDot = helpers.regex('trailingDot', /[.]$/);
+const hostnameRegex = /^(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,})?[.]?$/;
+const trailingDotRegex = /[.]$/;
+const hostname = helpers.withParams(
+  { type: 'hostname' },
+  value => !helpers.req(value) || hostnameRegex.test(String(value).trim()),
+);
+const trailingDot = helpers.withParams(
+  { type: 'trailingDot' },
+  value => !helpers.req(value) || trailingDotRegex.test(String(value).trim()),
+);
 
 const MAX16 = 65535;
 const int16 = between(0, MAX16);
@@ -12,6 +20,7 @@ const int16 = between(0, MAX16);
 export default {
   name: 'RecordSRV',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     fields: [
       { label: 'Priority', validations: { integer, int16 } },
diff --git a/www/webapp/src/components/Field/RecordSVCB.vue b/www/webapp/src/components/Field/RecordSVCB.vue
index d6e99ccc8..8131cdf2d 100644
--- a/www/webapp/src/components/Field/RecordSVCB.vue
+++ b/www/webapp/src/components/Field/RecordSVCB.vue
@@ -1,10 +1,18 @@
 <script>
-import { helpers, integer, between } from 'vuelidate/lib/validators';
+import { helpers, integer, between } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
 // Allow for root label only
-const hostname = helpers.regex('hostname', /^(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,})?[.]?$/);
-const trailingDot = helpers.regex('trailingDot', /[.]$/);
+const hostnameRegex = /^(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,})?[.]?$/;
+const trailingDotRegex = /[.]$/;
+const hostname = helpers.withParams(
+  { type: 'hostname' },
+  value => !helpers.req(value) || hostnameRegex.test(String(value).trim()),
+);
+const trailingDot = helpers.withParams(
+  { type: 'trailingDot' },
+  value => !helpers.req(value) || trailingDotRegex.test(String(value).trim()),
+);
 
 const MAX16 = 65535;
 const int16 = between(0, MAX16);
@@ -12,6 +20,7 @@ const int16 = between(0, MAX16);
 export default {
   name: 'RecordSVCB',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     fields: [
       { label: 'Priority', validations: { integer, int16 } },
diff --git a/www/webapp/src/components/Field/RecordSubnet.vue b/www/webapp/src/components/Field/RecordSubnet.vue
index a2226a16e..5c33e705f 100644
--- a/www/webapp/src/components/Field/RecordSubnet.vue
+++ b/www/webapp/src/components/Field/RecordSubnet.vue
@@ -1,5 +1,5 @@
 <script>
-import { helpers, or } from 'vuelidate/lib/validators';
+import { helpers, or } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
 // from https://www.oreilly.com/library/view/regular-expressions-cookbook/9781449327453/ch08s16.html, adding subnet
@@ -13,6 +13,7 @@ const ipAddressOrSubnet = or(ip4AddressOrSubnet, ip6AddressOrSubnet);
 export default {
   name: 'RecordSubnet',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     errors: {
       ipAddressOrSubnet: 'This field must contain an IP address or subnet.'
diff --git a/www/webapp/src/components/Field/RecordTLSA.vue b/www/webapp/src/components/Field/RecordTLSA.vue
index aa5ee6fdc..b08a67401 100644
--- a/www/webapp/src/components/Field/RecordTLSA.vue
+++ b/www/webapp/src/components/Field/RecordTLSA.vue
@@ -1,5 +1,5 @@
 <script>
-import { and, helpers, integer, between } from 'vuelidate/lib/validators';
+import { and, helpers, integer, between } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
 const hex = helpers.regex('hex', /^([0-9a-fA-F]\s*)*[0-9a-fA-F]$/);
@@ -11,6 +11,7 @@ const int8 = between(0, MAX8);
 export default {
   name: 'RecordTLSA',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     fields: [
       { label: 'Usage', validations: { integer, int8 } },
diff --git a/www/webapp/src/components/Field/RecordTXT.vue b/www/webapp/src/components/Field/RecordTXT.vue
index 73f2739e4..6338c7214 100644
--- a/www/webapp/src/components/Field/RecordTXT.vue
+++ b/www/webapp/src/components/Field/RecordTXT.vue
@@ -1,15 +1,19 @@
 <script>
-import { helpers } from 'vuelidate/lib/validators';
+import { helpers } from '@vuelidate/validators';
 import RecordItem from './RecordItem.vue';
 
-const txtToken = helpers.regex('txtToken', /^".*"$/);
+const txtToken = helpers.withMessage(
+  'TXT records must either be fully quoted or contain no quotes.',
+  value => !helpers.req(value) || /^".*"$/.test(value) || !value.includes('"'),
+);
 
 export default {
   name: 'RecordTXT',
   extends: RecordItem,
+  setup: RecordItem.setup,
   data: () => ({
     errors: {
-      txtToken: 'This record must begin and end with quotes (").',
+      txtToken: 'TXT records must either be fully quoted or contain no quotes.',
     },
     fields: [
       { label: 'Content', validations: { txtToken } },
diff --git a/www/webapp/src/components/Field/TTL.vue b/www/webapp/src/components/Field/TTL.vue
index c91d38c31..8cba77e06 100644
--- a/www/webapp/src/components/Field/TTL.vue
+++ b/www/webapp/src/components/Field/TTL.vue
@@ -3,16 +3,15 @@
     :label="label"
     :disabled="disabled || readonly"
     :error-messages="errorMessages"
-    :value="value"
+    :model-value="inputValue"
     type="number"
     max="86400"
     :min="min"
     :placeholder="required ? '' : '(optional)'"
     :required="required"
     :rules="rules"
-    @input="changed('input', $event)"
-    @input.native="$emit('dirty', $event)"
-    @keyup="changed('keyup', $event)"
+    @update:modelValue="updateValue"
+    @keyup="handleKeyup"
   />
 </template>
 
@@ -44,9 +43,13 @@ export default {
       type: Boolean,
       default: false,
     },
+    modelValue: {
+      type: [String, Number],
+      required: false,
+    },
     value: {
       type: [String, Number],
-      required: true,
+      required: false,
     },
   },
   data() { return {
@@ -55,9 +58,19 @@ export default {
       v => v >= this.min && v <= 86400 || `${this.min} ≤ … ≤ 86400`,
     ],
   }},
+  computed: {
+    inputValue() {
+      return this.modelValue ?? this.value;
+    },
+  },
   methods: {
-    changed(event, e) {
-      this.$emit(event, e);
+    updateValue(value) {
+      this.$emit('update:modelValue', value);
+      this.$emit('input', value);
+      this.$emit('dirty');
+    },
+    handleKeyup(event) {
+      this.$emit('keyup', event);
       this.$emit('dirty');
     },
   },
diff --git a/www/webapp/src/components/Field/TimeAgo.vue b/www/webapp/src/components/Field/TimeAgo.vue
index 4ace553c4..06d6dc5c2 100644
--- a/www/webapp/src/components/Field/TimeAgo.vue
+++ b/www/webapp/src/components/Field/TimeAgo.vue
@@ -1,7 +1,7 @@
 <template>
   <div
       class="my-1 py-5"
-      :title="value"
+      :title="inputValue"
   >
     <span v-text="formattedValue"></span>
   </div>
@@ -13,6 +13,10 @@ import {formatDistanceToNow} from 'date-fns/formatDistanceToNow';
 export default {
   name: 'TimeAgo',
   props: {
+    modelValue: {
+      default: '',
+      type: String,
+    },
     value: {
       default: '',
       type: String,
@@ -23,8 +27,11 @@ export default {
     },
   },
   computed: {
+    inputValue() {
+      return this.modelValue ?? this.value;
+    },
     formattedValue() {
-      const inputTime = this.value;
+      const inputTime = this.inputValue;
       if(!inputTime)
         return this.defaultText
 
diff --git a/www/webapp/src/components/QrcodeVue.vue b/www/webapp/src/components/QrcodeVue.vue
new file mode 100644
index 000000000..a818a0e1d
--- /dev/null
+++ b/www/webapp/src/components/QrcodeVue.vue
@@ -0,0 +1,61 @@
+<script>
+import { h } from 'vue';
+import LegacyQrcodeVue from '@/modules/qrcode.vue/dist/qrcode.vue.esm';
+
+export default {
+  name: 'QrcodeVue',
+  ...LegacyQrcodeVue,
+  render() {
+    const {
+      className,
+      value,
+      level,
+      background,
+      foreground,
+      size,
+      renderAs,
+      numCells,
+      fgPath,
+    } = this;
+
+    const containerProps = {
+      class: className || undefined,
+      value,
+      level,
+      background,
+      foreground,
+    };
+
+    if (renderAs === 'svg') {
+      return h('div', containerProps, [
+        h(
+          'svg',
+          {
+            height: size,
+            width: size,
+            shapeRendering: 'crispEdges',
+            viewBox: `0 0 ${numCells} ${numCells}`,
+            style: { width: `${size}px`, height: `${size}px` },
+          },
+          [
+            h('path', {
+              fill: background,
+              d: `M0,0 h${numCells}v${numCells}H0z`,
+            }),
+            h('path', { fill: foreground, d: fgPath }),
+          ],
+        ),
+      ]);
+    }
+
+    return h('div', containerProps, [
+      h('canvas', {
+        height: size,
+        width: size,
+        style: { width: `${size}px`, height: `${size}px` },
+        ref: 'qrcode-vue',
+      }),
+    ]);
+  },
+};
+</script>
diff --git a/www/webapp/src/components/ResetPasswordActionHandler.vue b/www/webapp/src/components/ResetPasswordActionHandler.vue
index f5b29363a..577b27b4e 100644
--- a/www/webapp/src/components/ResetPasswordActionHandler.vue
+++ b/www/webapp/src/components/ResetPasswordActionHandler.vue
@@ -3,7 +3,7 @@
     <div class="text-center" v-if="!success">
         <v-text-field
                 v-model="payload.new_password"
-                :append-icon="show ? mdiEyeOff : mdiEye"
+                :append-inner-icon="show ? mdiEyeOff : mdiEye"
                 label="New password"
                 required
                 :disabled="working"
@@ -11,11 +11,11 @@
                 :type="show ? 'text' : 'password'"
                 hint="At least 8 characters"
                 autocomplete="new-password"
-                @click:append="show = !show"
+                @click:append-inner="show = !show"
                 tabindex="1"
         ></v-text-field>
         <v-btn
-                depressed
+                variant="flat"
                 color="primary"
                 type="submit"
                 :disabled="working || !valid"
diff --git a/www/webapp/src/main.js b/www/webapp/src/main.js
index 49dc4ef6b..b97c07c18 100644
--- a/www/webapp/src/main.js
+++ b/www/webapp/src/main.js
@@ -1,28 +1,19 @@
-import Vue from 'vue'
+import { createApp } from 'vue'
 import App from '@/App.vue'
 import router from '@/router'
 import vuetify from '@/plugins/vuetify'
-import VueRouter from 'vue-router'
-import Vuelidate from 'vuelidate'
 import "@fontsource/roboto/300.css" /* light */
 import "@fontsource/roboto/400.css" /* regular */
 import "@fontsource/roboto/400-italic.css" /* regular-italic */
 import "@fontsource/roboto/500.css" /* medium */
 import "@fontsource/roboto/700.css" /* bold */
-import {createPinia, PiniaVuePlugin} from "pinia";
+import { createPinia } from "pinia";
 
-
-Vue.config.productionTip = false
-Vue.use(Vuelidate)
-// `Pinia` replaces `vuex` as store.
-Vue.use(PiniaVuePlugin)
+const app = createApp(App)
 const pinia = createPinia()
-// Must be after `pinia` initialisation to be accessible.
-Vue.use(VueRouter)
 
-new Vue({
-  router,
-  pinia,
-  vuetify,
-  render: h => h(App)
-}).$mount('#app')
+app.use(pinia)
+app.use(router)
+app.use(vuetify)
+
+app.mount('#app')
diff --git a/www/webapp/src/plugins/vuetify.js b/www/webapp/src/plugins/vuetify.js
index b616aac30..7f38e5e85 100644
--- a/www/webapp/src/plugins/vuetify.js
+++ b/www/webapp/src/plugins/vuetify.js
@@ -1,21 +1,30 @@
-import Vue from 'vue';
-import Vuetify from 'vuetify/lib';
-import colors from 'vuetify/lib/util/colors'
+import 'vuetify/styles'
+import { createVuetify } from 'vuetify'
+import { aliases, mdi } from 'vuetify/iconsets/mdi-svg'
+import { VDataTable, VOtpInput } from 'vuetify/components'
+import colors from 'vuetify/util/colors'
 
-
-Vue.use(Vuetify);
-
-
-export default new Vuetify({
+export default createVuetify({
+  components: {
+    VDataTable,
+    VOtpInput,
+  },
   icons: {
-    iconfont: 'mdiSvg', // 'mdi' || 'mdiSvg' || 'md' || 'fa' || 'fa4' || 'faSvg'
+    defaultSet: 'mdi',
+    aliases,
+    sets: {
+      mdi,
+    },
   },
   theme: {
+    defaultTheme: 'light',
     themes: {
       light: {
-        primary: colors.amber,
-        secondary: colors.lightBlue.darken1,
-        accent: colors.amber.accent4,
+        colors: {
+          primary: colors.amber.base,
+          secondary: colors.lightBlue.darken1,
+          accent: colors.amber.accent4,
+        },
       },
     },
   },
diff --git a/www/webapp/src/router/index.js b/www/webapp/src/router/index.js
index 123fb6429..681a3d846 100644
--- a/www/webapp/src/router/index.js
+++ b/www/webapp/src/router/index.js
@@ -1,8 +1,20 @@
-import VueRouter from 'vue-router'
+import { createRouter, createWebHistory } from 'vue-router'
 import HomePage from '@/views/HomePage.vue'
 import {HTTP} from '@/utils';
 import {useUserStore} from "@/store/user";
 
+const lazy = (loader) => () => loader().catch((error) => {
+  const message = error?.message || '';
+  if (
+    message.includes('Failed to fetch dynamically imported module') ||
+    message.includes('Importing a module script failed') ||
+    message.includes('error loading dynamically imported module')
+  ) {
+    window.location.reload();
+  }
+  throw error;
+});
+
 const routes = [
   {
     path: '/',
@@ -12,136 +24,132 @@ const routes = [
   {
     path: '/signup/:email?',
     name: 'signup',
-    // route level code-splitting
-    // this generates a separate chunk (about.[hash].js) for this route
-    // which is lazy-loaded when the route is visited.
-    component: () => import('@/views/SignUp.vue'),
+    component: lazy(() => import('@/views/SignUp.vue')),
   },
   {
     path: '/custom-setup/:domain',
     name: 'customSetup',
-    component: () => import('@/views/DomainSetupPage.vue'),
+    component: lazy(() => import('@/views/DomainSetupPage.vue')),
     props: true,
   },
   {
     path: '/dyn-setup/:domain',
     alias: '/dynsetup/:domain',
     name: 'dynSetup',
-    component: () => import('@/views/DynSetup.vue'),
+    component: lazy(() => import('@/views/DynSetup.vue')),
   },
   {
     path: '/welcome/:domain?',
     name: 'welcome',
-    component: () => import('@/views/WelcomePage.vue'),
+    component: lazy(() => import('@/views/WelcomePage.vue')),
   },
   {
-    path: 'https://desec.readthedocs.io/',
+    path: '/docs',
     name: 'docs',
-    beforeEnter(to) { location.href = to.path },
+    beforeEnter() { location.href = 'https://desec.readthedocs.io/' },
   },
   {
-    path: 'https://talk.desec.io/',
+    path: '/talk',
     name: 'talk',
-    beforeEnter(to) { location.href = to.path },
+    beforeEnter() { location.href = 'https://talk.desec.io/' },
   },
   {
     path: '/confirm/:action/:code',
     name: 'confirmation',
-    component: () => import('@/views/ConfirmationPage.vue')
+    component: lazy(() => import('@/views/ConfirmationPage.vue'))
   },
   {
     path: '/reset-password/:email?',
     name: 'reset-password',
-    component: () => import('@/views/ResetPassword.vue'),
+    component: lazy(() => import('@/views/ResetPassword.vue')),
   },
   {
     path: '/totp/',
     name: 'totp',
-    component: () => import('@/views/CrudListTOTP.vue'),
+    component: lazy(() => import('@/views/CrudListTOTP.vue')),
     meta: {guest: false},
   },
   {
     path: '/totp-verify/',
     name: 'TOTPVerify',
-    component: () => import('@/views/Console/TOTPVerifyDialog.vue'),
+    component: lazy(() => import('@/views/Console/TOTPVerifyDialog.vue')),
     props: (route) => ({...route.params}),
   },
   {
     path: '/mfa/',
     name: 'mfa',
-    component: () => import('@/views/MFA.vue'),
+    component: lazy(() => import('@/views/MFA.vue')),
     meta: {guest: false},
   },
   {
     path: '/change-email/:email?',
     name: 'change-email',
-    component: () => import('@/views/ChangeEmail.vue'),
+    component: lazy(() => import('@/views/ChangeEmail.vue')),
     meta: {guest: false},
   },
   {
     path: '/delete-account/',
     name: 'delete-account',
-    component: () => import('@/views/DeleteAccount.vue'),
+    component: lazy(() => import('@/views/DeleteAccount.vue')),
     meta: {guest: false},
   },
   {
     path: '/donate/',
     name: 'donate',
-    component: () => import('@/views/DonatePage.vue'),
+    component: lazy(() => import('@/views/DonatePage.vue')),
   },
   {
-    path: 'https://github.com/desec-io/desec-stack/milestones?direction=asc&sort=title&state=open',
+    path: '/roadmap',
     name: 'roadmap',
-    beforeEnter(to) { location.href = to.path },
+    beforeEnter() { location.href = 'https://github.com/desec-io/desec-stack/milestones?direction=asc&sort=title&state=open' },
   },
   {
     path: '/impressum/',
     name: 'impressum',
-    component: () => import('@/views/ImpressumPage.vue'),
+    component: lazy(() => import('@/views/ImpressumPage.vue')),
   },
   {
     path: '/privacy-policy/',
     name: 'privacy-policy',
-    component: () => import('@/views/PrivacyPolicy.vue'),
+    component: lazy(() => import('@/views/PrivacyPolicy.vue')),
   },
   {
     path: '/terms/',
     name: 'terms',
-    component: () => import('@/views/TermsPage.vue'),
+    component: lazy(() => import('@/views/TermsPage.vue')),
   },
   {
     path: '/about/',
     name: 'about',
-    component: () => import('@/views/AboutPage.vue'),
+    component: lazy(() => import('@/views/AboutPage.vue')),
   },
   {
     path: '/login',
     name: 'login',
-    component: () => import('@/views/LoginPage.vue'),
+    component: lazy(() => import('@/views/LoginPage.vue')),
   },
   {
     path: '/tokens',
     name: 'tokens',
-    component: () => import('@/views/CrudListToken.vue'),
+    component: lazy(() => import('@/views/CrudListToken.vue')),
     meta: {guest: false},
   },
   {
     path: '/domains',
     name: 'domains',
-    component: () => import('@/views/CrudListDomain.vue'),
+    component: lazy(() => import('@/views/CrudListDomain.vue')),
     meta: {guest: false},
   },
   {
     path: '/domains/:domain',
     name: 'domain',
-    component: () => import('@/views/CrudListRecord.vue'),
+    component: lazy(() => import('@/views/CrudListRecord.vue')),
     meta: {guest: false},
   },
 ]
 
-const router = new VueRouter({
-  mode: 'history',
-  base: import.meta.env.BASE_URL,
+const router = createRouter({
+  history: createWebHistory(import.meta.env.BASE_URL),
   scrollBehavior (to, from) {
     // Skip if destination full path has query parameters and differs in no other way from previous
     if (from && Object.keys(to.query).length) {
diff --git a/www/webapp/src/views/AboutPage.vue b/www/webapp/src/views/AboutPage.vue
index dbf24088e..62bb9fb2c 100644
--- a/www/webapp/src/views/AboutPage.vue
+++ b/www/webapp/src/views/AboutPage.vue
@@ -26,7 +26,7 @@
         </v-row>
       </v-container>
     </v-card>
-    <v-container fluid class="grey lighten-4">
+    <v-container fluid class="bg-grey-lighten-4">
       <v-container>
         <v-row class="pt-8">
           <v-col class="text-center">
diff --git a/www/webapp/src/views/ChangeEmail.vue b/www/webapp/src/views/ChangeEmail.vue
index b275b2dc1..d6d7f018c 100644
--- a/www/webapp/src/views/ChangeEmail.vue
+++ b/www/webapp/src/views/ChangeEmail.vue
@@ -20,7 +20,6 @@
                     <v-card class="elevation-12 pb-4">
                         <v-toolbar
                                 color="primary"
-                                dark
                                 flat
                         >
                             <v-toolbar-title>Change Account Email Address</v-toolbar-title>
@@ -38,32 +37,30 @@
                             <v-text-field
                                     v-model="email"
                                     label="Current Email"
-                                    prepend-icon="mdi-blank"
-                                    outlined
+                                    variant="outlined"
                                     required
                                     :disabled="true"
                                     validate-on-blur
                             />
                             <v-text-field
                                     v-model="password"
-                                    :append-icon="show ? mdiEyeOff : mdiEye"
-                                    prepend-icon="mdi-blank"
-                                    outlined
+                                    :append-inner-icon="show ? mdiEyeOff : mdiEye"
+                                    variant="outlined"
                                     label="Password"
                                     required
                                     :rules="[rules.required]"
                                     :type="show ? 'text' : 'password'"
                                     :error-messages="password_errors"
                                     @change="password_errors=[]"
-                                    @click:append="show = !show"
+                                    @click:append-inner="show = !show"
                                     ref="password"
                                     tabindex="1"
                             ></v-text-field>
                             <v-text-field
                                     v-model="new_email"
                                     label="New Email"
-                                    :prepend-icon="mdiEmail"
-                                    outlined
+                                    :prepend-inner-icon="mdiEmail"
+                                    variant="outlined"
                                     required
                                     :rules="[rules.required, rules.email]"
                                     :error-messages="email_errors"
@@ -74,7 +71,7 @@
                         </v-card-text>
                         <v-card-actions class="justify-center">
                             <v-btn
-                                    depressed
+                                    variant="flat"
                                     color="primary"
                                     type="submit"
                                     :loading="working"
@@ -143,7 +140,8 @@
         return this.$refs.password.focus();
       },
       async changeEmail() {
-        if (!this.$refs.form.validate()) {
+        const { valid } = await this.$refs.form.validate();
+        if (!valid) {
           return;
         }
         this.working = true;
diff --git a/www/webapp/src/views/ConfirmationPage.vue b/www/webapp/src/views/ConfirmationPage.vue
index efd535025..503a6d313 100644
--- a/www/webapp/src/views/ConfirmationPage.vue
+++ b/www/webapp/src/views/ConfirmationPage.vue
@@ -15,7 +15,6 @@
         <v-card class="elevation-12">
           <v-toolbar
                   color="primary"
-                  dark
                   flat
           >
             <v-toolbar-title class="capitalize">{{ actionName }} Confirmation</v-toolbar-title>
@@ -41,7 +40,7 @@
               If you like our service, please consider donating.
             </p>
             <p class="text-center">
-              <v-btn outlined :to="{name: 'donate'}">Donate</v-btn>
+              <v-btn variant="outlined" :to="{name: 'donate'}">Donate</v-btn>
             </p>
           </v-card-text>
         </v-card>
@@ -127,11 +126,6 @@
         this.errors.splice(0, this.errors.length);
       }
     },
-    filters: {
-      replace: function (value, a, b) {
-        return value.replace(a, b)
-      }
-    },
   };
 </script>
 
diff --git a/www/webapp/src/views/Console/DomainSetupDialog.vue b/www/webapp/src/views/Console/DomainSetupDialog.vue
index c112777df..509b89692 100644
--- a/www/webapp/src/views/Console/DomainSetupDialog.vue
+++ b/www/webapp/src/views/Console/DomainSetupDialog.vue
@@ -7,70 +7,133 @@
     @keydown.esc="close"
   >
     <v-card>
-      <v-card-title>
-        <div class="text-h6">
+      <v-toolbar flat>
+        <v-toolbar-title>
           Setup Instructions for <b>{{ domain }}</b>
-        </div>
+        </v-toolbar-title>
         <v-spacer/>
-        <v-icon @click.stop="close">
-          {{ mdiClose }}
-        </v-icon>
-      </v-card-title>
+        <v-btn
+          icon
+          variant="text"
+          @click.stop="close"
+        >
+          <v-icon :icon="mdiClose" />
+        </v-btn>
+      </v-toolbar>
       <v-divider/>
 
       <v-alert
           class="mb-0"
-          :value="isNew"
+          :model-value="isNew"
           type="success"
       >
         Your domain <b>{{ domain }}</b> has been successfully created!
       </v-alert>
 
       <v-card-text>
-        <domain-setup v-bind="$attrs" :domain="domain"></domain-setup>
+        <error-alert v-if="errors.length" :errors="errors" class="mb-4" />
+        <delegation-status
+          v-if="delegation"
+          :item="delegation"
+          class="mb-4"
+        />
+        <domain-setup
+          v-bind="$attrs"
+          :domain="domain"
+          :delegation="delegation"
+        ></domain-setup>
       </v-card-text>
+
+      <v-card-actions class="pb-4">
+        <v-spacer />
+        <v-btn
+          color="primary"
+          variant="outlined"
+          :loading="working"
+          :disabled="working || !delegation"
+          @click="runDelegationCheck"
+        >
+          <v-icon :icon="mdiRefresh" class="mr-1" />
+          Run check now
+        </v-btn>
+        <v-btn color="primary" variant="text" @click="close">Close</v-btn>
+      </v-card-actions>
     </v-card>
   </v-dialog>
 </template>
 
 <script>
 import DomainSetup from "@/views/DomainSetup.vue";
-import {mdiClose} from "@mdi/js";
+import {mdiClose, mdiRefresh} from "@mdi/js";
+import DelegationStatus from "@/components/Field/DelegationStatus.vue";
+import ErrorAlert from "@/components/ErrorAlert.vue";
+import {HTTP, digestError} from "@/utils";
 
 export default {
   name: 'DomainSetupDialog',
-  components: { DomainSetup },
+  components: { DomainSetup, DelegationStatus, ErrorAlert },
   props: {
     domain: {
       type: String,
       required: true,
     },
+    delegation: {
+      type: Object,
+      default: null,
+    },
     isNew: {
       type: Boolean,
       default: false,
     },
-  },
-  data: () => ({
-    mdiClose,
-    value: {
+    modelValue: {
       type: Boolean,
       default: true,
     },
+  },
+  data: () => ({
+    mdiClose,
+    mdiRefresh,
+    working: false,
+    errors: [],
   }),
   computed: {
     show: {
       get() {
-        return this.value
+        return this.modelValue
       },
       set(value) {
+         this.$emit('update:modelValue', value)
          this.$emit('input', value)
       }
-    }
+    },
   },
   methods: {
+    async runDelegationCheck() {
+      if (!this.delegation || this.working) {
+        return;
+      }
+      this.errors = [];
+      this.working = true;
+      try {
+        const response = await HTTP.post(
+          `domains/${this.domain}/delegation-check/`
+        );
+        Object.assign(this.delegation, response.data);
+      } catch (ex) {
+        const errors = await digestError(ex, this);
+        for (const key in errors) {
+          this.errors.push(...errors[key]);
+        }
+      } finally {
+        this.working = false;
+      }
+    },
     close() {
       this.show = false;
     }
   },
 };
 </script>
+
+<style scoped>
+</style>
diff --git a/www/webapp/src/views/Console/TOTPVerifyDialog.vue b/www/webapp/src/views/Console/TOTPVerifyDialog.vue
index 4290b6b76..3cb202055 100644
--- a/www/webapp/src/views/Console/TOTPVerifyDialog.vue
+++ b/www/webapp/src/views/Console/TOTPVerifyDialog.vue
@@ -8,43 +8,48 @@
   >
     <v-form @submit.prevent="verify" ref="form">
       <v-card>
-        <v-card-title>
-          <div class="text-h6">
-            Verify TOTP: <b>{{ name }}</b>
-          </div>
+        <v-card-title class="d-flex align-center">
+          <span class="text-h6">
+            Verify TOTP: <b>{{ displayName }}</b>
+          </span>
           <v-spacer/>
-          <v-icon @click.stop="close">
-            {{ mdiClose }}
-          </v-icon>
+          <v-btn
+            icon
+            variant="text"
+            :aria-label="'Close dialog'"
+            @click.stop="close"
+          >
+            <v-icon :icon="mdiClose" />
+          </v-btn>
         </v-card-title>
         <v-divider/>
 
-        <v-alert class="mb-0" :value="!!detail" type="warning">
+        <v-alert class="mb-0" :model-value="!!detail" type="warning">
           {{ detail }}
         </v-alert>
-        <v-alert class="mb-0" :value="!!successDetail" type="success">
+        <v-alert class="mb-0" :model-value="!!successDetail" type="success">
           {{ successDetail }}
         </v-alert>
         <error-alert :errors="errors"></error-alert>
 
         <v-card-text v-if="!!successDetail" class="text-center">
           <p class="mt-2">
-            <v-icon>{{ mdiCheck }}</v-icon>
+            <v-icon :icon="mdiCheck" />
             Great! Continue to <router-link :to="{name: 'login'}">log in</router-link>.
           </p>
         </v-card-text>
 
-        <v-card-text v-if="!!data && !successDetail" class="text-center">
+        <v-card-text v-if="!!payload && !successDetail" class="text-center">
           <p class="mt-2">
-            <v-icon>{{ mdiNumeric1Circle }}</v-icon>
+            <v-icon :icon="mdiNumeric1Circle" />
             Please scan the following QR code with an authenticator app (e.g. Google Authenticator).<br />
             <strong>This code is only displayed once.</strong>
           </p>
           <div class="text-center">
-            <qrcode-vue :value="data.uri" size="300" level="H"/>
+            <qrcode-vue :value="payload.uri" size="300" level="H"/>
           </div>
           <p class="mt-6">
-            <v-icon>{{ mdiNumeric2Circle }}</v-icon>
+            <v-icon :icon="mdiNumeric2Circle" />
             Enter the code displayed in the authenticator app to confirm and activate the token:
           </p>
 
@@ -65,7 +70,7 @@
             <v-row dense align="center" class="justify-center">
               <v-col cols="auto">
                 <v-btn
-                        depressed
+                        variant="flat"
                         color="primary"
                         type="submit"
                         :disabled="working || code.length != 6"
@@ -81,7 +86,7 @@
           <p>
             <small>
             Want to know what's in the code? — It's your TOTP secret:<br />
-            {{ data.secret }}</small>
+            {{ payload.secret }}</small>
           </p>
         </v-card-text>
       </v-card>
@@ -92,7 +97,7 @@
 <script>
 import {digestError, HTTP, logout, withWorking} from '@/utils'
 import ErrorAlert from "@/components/ErrorAlert.vue";
-import QrcodeVue from '../../modules/qrcode.vue/dist/qrcode.vue.esm'
+import QrcodeVue from '@/components/QrcodeVue.vue'
 import {mdiCheck, mdiClose, mdiNumeric1Circle, mdiNumeric2Circle} from "@mdi/js";
 
 export default {
@@ -104,15 +109,18 @@ export default {
   props: {
     name: {
       type: String,
-      required: true,
+      required: false,
+      default: '',
     },
     detail: {
       type: String,
       required: false,
+      default: '',
     },
     data: {
       type: Object,
       required: false,
+      default: null,
     },
   },
   data: () => ({
@@ -121,24 +129,47 @@ export default {
     errors: [],
     working: false,
     show: true,
+    sessionData: null,
     mdiCheck,
     mdiClose,
     mdiNumeric1Circle,
     mdiNumeric2Circle,
   }),
+  computed: {
+    payload() {
+      return this.data || this.sessionData;
+    },
+    displayName() {
+      return this.name || this.$route.query.name || this.payload?.name || '';
+    },
+  },
+  mounted() {
+    if (!this.data) {
+      const raw = sessionStorage.getItem('totpVerifyData');
+      if (raw) {
+        try {
+          this.sessionData = JSON.parse(raw);
+        } catch {
+          this.sessionData = null;
+        }
+        sessionStorage.removeItem('totpVerifyData');
+      }
+    }
+  },
   methods: {
     close() {
       this.show = false;
     },
     async verify() {
-      if (!this.$refs.form.validate()) {
+      const { valid } = await this.$refs.form.validate();
+      if (!valid) {
         return;
       }
       this.working = true;
       this.errors.splice(0, this.errors.length);
       try {
         let res = await withWorking(undefined,
-            () => HTTP.post('auth/totp/' + this.data.id + '/verify/', {code: this.code})
+            () => HTTP.post('auth/totp/' + this.payload.id + '/verify/', {code: this.code})
         );
         this.successDetail = res.data.detail;
         await logout();
diff --git a/www/webapp/src/views/CrudList.vue b/www/webapp/src/views/CrudList.vue
index ae49afc74..d3e3d1e26 100644
--- a/www/webapp/src/views/CrudList.vue
+++ b/www/webapp/src/views/CrudList.vue
@@ -20,18 +20,16 @@
           <!-- The Actual Table -->
           <v-data-table
                   :headers="headers"
-                  :item-class="itemClass"
+                  :row-props="rowProps"
                   :items="rows"
                   :search="search"
                   :custom-filter="filterSearchableCols"
                   :loading="user.working || createDialogWorking || destroyDialogWorking"
-                  :footer-props="{
-                    'items-per-page-options': [10, 20, 30, 50, 100, -1]
-                  }"
                   :items-per-page="itemsPerPage"
+                  :items-per-page-options="[10, 20, 30, 50, 100, -1]"
                   class="elevation-1"
                   @click:row="rowClick"
-                  @pagination="updatePagination"
+                  @update:options="updatePagination"
           >
             <template #top>
               <!-- Headline & Toolbar, Including New Form -->
@@ -40,8 +38,8 @@
                 <v-spacer />
                 <v-text-field
                         v-model="search"
-                        v-if="$vuetify.breakpoint.smAndUp"
-                        :append-icon="mdiMagnify"
+                        v-if="display.smAndUp"
+                        :append-inner-icon="mdiMagnify"
                         label="Search"
                         single-line
                         hide-details
@@ -57,18 +55,17 @@
                 <v-btn
                         id="create"
                         color="primary"
-                        dark
-                        small
-                        fab
-                        depressed
+                        size="small"
+                        icon
+                        variant="flat"
                         :disabled="user.working"
                 >
-                  <v-icon>{{ mdiPlus }}</v-icon>
+                  <v-icon :icon="mdiPlus" />
                 </v-btn>
-                <template #extension v-if="$vuetify.breakpoint.xsOnly">
+                <template #extension v-if="display.xs">
                   <v-text-field
                           v-model="search"
-                          :append-icon="mdiMagnify"
+                          :append-inner-icon="mdiMagnify"
                           label="Search"
                           single-line
                           hide-details
@@ -83,13 +80,11 @@
                         @keydown.esc="close"
                 >
                   <v-card>
-                    <v-form v-model="valid" @submit.prevent="save()">
+                    <v-form ref="createForm" v-model="valid" @submit.prevent="save()">
                       <v-card-title>
                         <span class="text-h5">{{ headlines.create }}</span>
                         <v-spacer />
-                        <v-icon @click.stop="close">
-                          {{ mdiClose }}
-                        </v-icon>
+                        <v-icon :icon="mdiClose" @click.stop="close" />
                       </v-card-title>
                       <v-divider />
                       <v-progress-linear
@@ -101,23 +96,23 @@
                       <error-alert v-if="createDialogError" :errors="errors"></error-alert>
 
                       <v-alert
-                              :value="createDialogSuccess"
+                              :model-value="createDialogSuccess"
                               type="success"
                               style="overflow: auto"
                       >
-                        <span v-html="texts.createSuccess(createDialogItem)"></span>
+                        <span v-html="createSuccessText"></span>
                       </v-alert>
 
                       <v-alert
-                              :value="!!texts.createWarning(destroyDialogItem)"
+                              :model-value="!!createWarningText"
                               type="warning"
                       >
-                        {{ texts.createWarning(createDialogItem) }}
+                        {{ createWarningText }}
                       </v-alert>
 
                       <v-card-text v-if="createDialog">
                         <!-- v-if required here to make autofocus below working for the 2nd+ times, cf stackoverflow.com/a/51476992 -->
-                        <span v-html="texts.create()"></span>
+                        <span v-html="createText"></span>
                         <!-- New Form -->
                         <component
                                 :is="c.datatype"
@@ -131,7 +126,7 @@
                                 :disabled="createInhibited || createDialogSuccess"
                                 :hint="c.hint"
                                 autofocus
-                                @input="clearErrors(c)"
+                                @update:modelValue="clearErrors(c)"
                         />
 
                           <v-expansion-panels
@@ -139,10 +134,10 @@
                               v-if="Object.keys(writeableAdvancedColumns).length > 0"
                           >
                             <v-expansion-panel>
-                              <v-expansion-panel-header class="primary lighten-5">
+                              <v-expansion-panel-title class="bg-primary-lighten-5">
                                 <span>Advanced settings</span>
-                              </v-expansion-panel-header>
-                              <v-expansion-panel-content>
+                              </v-expansion-panel-title>
+                              <v-expansion-panel-text>
                                 <component
                                         :is="c.datatype"
                                         v-for="(c, id) in writeableAdvancedColumns"
@@ -154,13 +149,13 @@
                                         :required="c.required || false"
                                         :disabled="createInhibited || createDialogSuccess"
                                         autofocus
-                                        @input="clearErrors(c)"
+                                        @update:modelValue="clearErrors(c)"
                                 />
-                              </v-expansion-panel-content>
+                              </v-expansion-panel-text>
                             </v-expansion-panel>
                           </v-expansion-panels>
 
-                        <div class="mt-4" v-html="texts.createBottom()"></div>
+                        <div class="mt-4" v-html="createBottomText"></div>
                       </v-card-text>
 
                       <v-card-actions class="pb-4">
@@ -168,9 +163,9 @@
                         <v-btn
                                 color="primary"
                                 class="grow"
-                                :outlined="!createDialogSuccess"
+                                :variant="createDialogSuccess ? 'text' : 'outlined'"
                                 :disabled="createDialogWorking"
-                                @click.native="close"
+                                @click="close"
                         >
                           {{ createDialogSuccess ? 'Close' : 'Cancel' }}
                         </v-btn>
@@ -178,8 +173,8 @@
                                 type="submit"
                                 color="primary"
                                 class="grow"
-                                depressed
-                                :disabled="createInhibited || !valid || createDialogWorking || createDialogSuccess"
+                                variant="flat"
+                                :disabled="createInhibited || createFormInvalid || createDialogWorking || createDialogSuccess"
                                 :loading="createDialogWorking"
                                 v-if="!createDialogSuccess"
                         >
@@ -191,7 +186,7 @@
                   </v-card>
                 </v-dialog>
               </v-toolbar>
-              <v-alert text type="info" v-if="texts.banner"><span v-html="texts.banner()"></span></v-alert>
+              <v-alert variant="text" type="info" v-if="bannerText"><span v-html="bannerText"></span></v-alert>
             </template>
 
             <template
@@ -207,36 +202,36 @@
                 v-bind="column.fieldProps ? column.fieldProps(itemFieldProps.item) : {}"
                 @keyup="keyupHandler"
                 @dirty="dirty.add(itemFieldProps.item); dirtyError.delete(itemFieldProps.item);"
+                @click="column.onClick ? column.onClick(itemFieldProps.item, $event) : null"
               />
             </template>
             <template #[`item.actions`]="itemFieldProps">
-              <v-layout
+              <v-row
                       class="my-1 py-3"
-                      justify-end
+                      justify="end"
               >
                 <div :key="key" v-for="[key, action] in getActions(actions)">
                   <v-tooltip
                       :disabled="!action.tooltip"
-                      top
+                      location="top"
                       transition="fade-transition"
                   >
-                    <template #activator="{ on, attrs }">
+                    <template #activator="{ props }">
                       <v-btn
-                              v-bind="attrs"
-                              v-on="on"
+                              v-bind="props"
                               :disabled="user.working || itemIsReadOnly(itemFieldProps.item, key)"
                               :class="'button-' + key"
                               color="grey"
                               icon
                               @click.stop="action.go(itemFieldProps.item, $event)"
                       >
-                        <v-icon>{{ action.icon }}</v-icon>
+                        <v-icon :icon="action.icon" />
                       </v-btn>
                     </template>
                     <span>{{ action.tooltip }}</span>
                   </v-tooltip>
                 </div>
-              </v-layout>
+              </v-row>
             </template>
             <template #no-data>
               <div v-if="!pagination_required">
@@ -249,7 +244,7 @@
                   v-else
                   border="top"
                   colored-border
-                  text
+                  variant="text"
                   prominent
                   type="warning"
               >
@@ -289,21 +284,21 @@
                 />
 
                 <v-alert
-                        :value="!!texts.destroyInfo(destroyDialogItem)"
+                        :model-value="!!destroyInfoText"
                         type="info"
                 >
-                  {{ texts.destroyInfo(destroyDialogItem) }}
+                  {{ destroyInfoText }}
                 </v-alert>
                 <v-alert
-                        :value="!!texts.destroyWarning(destroyDialogItem)"
+                        :model-value="!!destroyWarningText"
                         type="warning"
                 >
-                  {{ texts.destroyWarning(destroyDialogItem) }}
+                  {{ destroyWarningText }}
                 </v-alert>
                 <error-alert v-if="destroyDialogError" :errors="errors"></error-alert>
 
                 <v-card-text>
-                  {{ texts.destroy(destroyDialogItem) }}
+                  {{ destroyText }}
                 </v-card-text>
 
                 <v-card-actions>
@@ -311,16 +306,16 @@
                   <v-btn
                     color="primary"
                     class="grow"
-                    outlined
+                    variant="outlined"
                     :disabled="destroyDialogWorking"
-                    @click.native="destroyClose"
+                    @click="destroyClose"
                   >
                     Cancel
                   </v-btn>
                   <v-btn
                     color="primary"
                     class="grow"
-                    depressed
+                    variant="flat"
                     type="submit"
                     :loading="destroyDialogWorking"
                   >
@@ -334,7 +329,8 @@
           <component
                   :is="extraComponentName"
                   v-bind="extraComponentBind"
-                  @input="() => { this.extraComponentName = ''; }"
+                  @update:modelValue="() => { this.extraComponentName = ''; }"
+                  v-if="extraComponentName"
           ></component>
         </v-card>
       </v-col>
@@ -404,7 +400,7 @@ export default {
     showAdvanced: false,
     search: '',
     rows: [],
-    valid: false,
+    valid: null,
     dirty: new Set(),
     dirtyError: new Set(),
     /* to be overwritten */
@@ -460,6 +456,9 @@ export default {
     mdiPlus,
   }},
   computed: {
+    display() {
+      return this.$vuetify.display;
+    },
     actions: () => {},
     createInhibited: () => false,
     defaultActions() {
@@ -484,13 +483,26 @@ export default {
         cols = cols.filter(col => !(col.advanced || false));
       }
       cols = cols.filter(col => !(col.hideFromTable || false));
-      cols.push({
+      const normalizeHeader = (col) => {
+        let key = col.key;
+        if (!key && typeof col.name === 'string' && col.name.startsWith('item.')) {
+          key = col.name.slice(5);
+        }
+        key = key ?? col.value;
+        return {
+          ...col,
+          title: col.title ?? col.text,
+          key,
+        };
+      };
+      cols = cols.map(normalizeHeader);
+      cols.push(normalizeHeader({
         text: 'Actions',
         sortable: false,
         align: 'right',
         value: 'actions',
-        width: '130px',
-      });
+        minWidth: '130px',
+      }));
       return cols; // data table expects an array
     },
     itemsPerPage() {
@@ -502,6 +514,57 @@ export default {
     writeableAdvancedColumns() {
       return this.filterWriteableColumns(col => (col.advanced || false));
     },
+    bannerText() {
+      if (typeof this.texts?.banner === 'function') {
+        return this.texts.banner();
+      }
+      return this.texts?.banner || '';
+    },
+    createText() {
+      if (typeof this.texts?.create !== 'function') {
+        return '';
+      }
+      return this.texts.create();
+    },
+    createSuccessText() {
+      if (typeof this.texts?.createSuccess !== 'function') {
+        return '';
+      }
+      return this.texts.createSuccess(this.createDialogItem);
+    },
+    createWarningText() {
+      if (typeof this.texts?.createWarning !== 'function') {
+        return '';
+      }
+      return this.texts.createWarning(this.createDialogItem);
+    },
+    createBottomText() {
+      if (typeof this.texts?.createBottom !== 'function') {
+        return '';
+      }
+      return this.texts.createBottom();
+    },
+    createFormInvalid() {
+      return this.valid === false;
+    },
+    destroyInfoText() {
+      if (typeof this.texts?.destroyInfo !== 'function') {
+        return '';
+      }
+      return this.texts.destroyInfo(this.destroyDialogItem);
+    },
+    destroyText() {
+      if (typeof this.texts?.destroy !== 'function') {
+        return '';
+      }
+      return this.texts.destroy(this.destroyDialogItem);
+    },
+    destroyWarningText() {
+      if (typeof this.texts?.destroyWarning !== 'function') {
+        return '';
+      }
+      return this.texts.destroyWarning(this.destroyDialogItem);
+    },
   },
   watch: {
     search: function() {
@@ -519,16 +582,20 @@ export default {
     this.search = this.user.component_arg(`${this.$options.name}/search`) || '';
   },
   methods: {
+    rowProps({ item }) {
+      const raw = item?.raw ?? item;
+      return { class: this.itemClass(raw) };
+    },
     itemClass(item) {
       const baseClass = 'crud-item';
       if (this.itemIsReadOnly(item)) {
-        return baseClass + ' grey text--disabled grey lighten-4';
+        return baseClass + ' text-disabled bg-grey-lighten-4';
       }
       if (this.dirtyError.has(item)) {
-        return baseClass + ' red lighten-5';
+        return baseClass + ' bg-red-lighten-5';
       }
       if (this.dirty.has(item)) {
-        return baseClass + ' orange lighten-5';
+        return baseClass + ' bg-orange-lighten-5';
       }
       return baseClass;
     },
@@ -539,14 +606,15 @@ export default {
     clearErrors(c) {
       c.createErrors = [];
     },
-    rowClick(value) {
-      this.handleRowClick(value);
+    rowClick(value, row) {
+      const raw = row?.item?.raw ?? row?.item ?? value?.raw ?? value?.item ?? value;
+      this.handleRowClick(raw);
     },
     getActions(actions) {
       return Object.entries({...actions, ...this.defaultActions}).filter(([, action]) => action.if ?? true);
     },
-    updatePagination(pagination) {
-      this.user.updateComponentArg(`${this.$options.name}/itemsPerPage`, pagination.itemsPerPage);
+    updatePagination(options) {
+      this.user.updateComponentArg(`${this.$options.name}/itemsPerPage`, options.itemsPerPage);
     },
     /** *
      * Ask the user to delete the given item.
@@ -623,6 +691,13 @@ export default {
                 })
         );
       } else {
+        const createForm = this.$refs.createForm;
+        if (createForm?.validate) {
+          const result = await createForm.validate();
+          if (!result.valid) {
+            return;
+          }
+        }
         // new item
         this.createDialogWorking = true;
         this.createDialogError = false;
@@ -722,7 +797,8 @@ export default {
   @keyframes successFade {
     from { background-color: forestgreen; }
   }
-  ::v-deep tr.orange .button-save .v-icon, ::v-deep tr.red .button-save .v-icon {
+  ::v-deep tr.bg-orange-lighten-5 .button-save .v-icon,
+  ::v-deep tr.bg-red-lighten-5 .button-save .v-icon {
     color: forestgreen;
   }
   ::v-deep tr:focus-within :focus {
@@ -731,7 +807,7 @@ export default {
   ::v-deep tbody tr > :hover {
     cursor: pointer;
   }
-  ::v-deep tbody tr.text--disabled > :hover {
+  ::v-deep tbody tr.text-disabled > :hover {
     cursor: auto;
   }
 </style>
diff --git a/www/webapp/src/views/CrudListDomain.vue b/www/webapp/src/views/CrudListDomain.vue
index 9152497a3..acd7df4e0 100644
--- a/www/webapp/src/views/CrudListDomain.vue
+++ b/www/webapp/src/views/CrudListDomain.vue
@@ -2,10 +2,11 @@
 import { HTTP, withWorking } from '@/utils';
 import CrudList from './CrudList.vue';
 import DomainSetupDialog from '@/views/Console/DomainSetupDialog.vue';
-import {mdiDownload, mdiInformation} from "@mdi/js";
+import {mdiDownload, mdiInformation, mdiRefresh} from "@mdi/js";
 import GenericText from "@/components/Field/GenericText.vue";
 import GenericTextarea from "@/components/Field/GenericTextarea.vue";
 import TimeAgo from "@/components/Field/TimeAgo.vue";
+import DelegationStatus from "@/components/Field/DelegationStatus.vue";
 
 export default {
   name: 'CrudListDomain',
@@ -20,6 +21,8 @@ export default {
         updatable: false,
         destroyable: true,
         limit_domains: 0,
+        limit_insecure_domains: null,
+        insecure_delegated_domains: 0,
         headlines: {
           table: 'Domains',
           create: 'Create New Domain',
@@ -27,8 +30,27 @@ export default {
         },
         texts: {
           banner: () => 'To edit your DNS records, click on one of your domains.',
-          create: () => self.limit_domains != null ? `You have ${self.availableCount} of ${self.limit_domains} domains left.<br /><small>Contact support to apply for a higher limit.</small>` : '',
-          createWarning: () => (self.availableCount <= 0 ? 'You have reached your maximum number of domains. Please contact support to apply for a higher limit.' : ''),
+          create: () => {
+            if (self.limit_domains != null) {
+              return `You have ${self.availableCount} of ${self.limit_domains} domains left.<br /><small>Contact support to apply for a higher limit.</small>`;
+            }
+            if (self.limit_insecure_domains == null) {
+              return 'You can create multiple domains.';
+            }
+            return `You can create multiple domains. You currently have ${self.insecure_delegated_domains} of ${self.limit_insecure_domains} domains without DNSSEC. Secure them before creating more.`;
+          },
+          createWarning: () => {
+            if (self.availableCount <= 0 && self.limit_domains != null) {
+              return 'You have reached your maximum number of domains. Please contact support to apply for a higher limit.';
+            }
+            if (self.limit_insecure_domains === 0) {
+              return 'Domain creation is disabled for your account. Please contact support if you need additional domains.';
+            }
+            if (self.limit_insecure_domains != null && self.insecure_delegated_domains >= self.limit_insecure_domains) {
+              return 'You have reached your limit of domains without DNSSEC. Secure an existing domain first, then you can create more.';
+            }
+            return '';
+          },
           destroy: d => (`Delete domain ${d.name}?`),
           destroyInfo: () => 'This operation will cause the domain to disappear from the DNS. It will no longer be reachable from the Internet.',
         },
@@ -40,6 +62,8 @@ export default {
             align: 'left',
             sortable: true,
             value: 'name',
+            minWidth: '260px',
+            class: 'domain-name-col',
             readonly: true,
             required: true,
             writeOnCreate: true,
@@ -56,6 +80,28 @@ export default {
             datatype: TimeAgo.name,
             searchable: false,
           },
+          delegation_status: {
+            name: 'item.delegation_status',
+            text: 'Delegation Status',
+            align: 'left',
+            sortable: false,
+            value: 'delegation_checked',
+            readonly: true,
+            datatype: DelegationStatus,
+            searchable: false,
+            fieldProps: item => ({ item, showHint: false, clickable: true }),
+            onClick: item => this.showDomainInfo(item),
+          },
+          delegation_checked: {
+            name: 'item.delegation_checked',
+            text: 'Last Checked',
+            align: 'left',
+            sortable: true,
+            value: 'delegation_checked',
+            readonly: true,
+            datatype: TimeAgo.name,
+            searchable: false,
+          },
           zonefile: {
             name: 'item.zonefile',
             text: 'Zonefile',
@@ -75,6 +121,7 @@ export default {
           create: 'domains/',
           delete: 'domains/:{name}/',
           export: 'domains/:{name}/zonefile/',
+          delegationCheck: 'domains/:{name}/delegation-check/',
         },
         itemDefaults: () => ({ name: '' }),
         postcreate: d => {
@@ -111,22 +158,43 @@ export default {
           let ds = d.keys.map(key => key.ds);
           ds = ds.concat.apply([], ds).filter(v => v.split(" ")[2] == 2)
           let dnskey = d.keys.map(key => key.dnskey).filter(v => v.split(" ")[0] == 257);
-          this.extraComponentBind = {'domain': d.name, 'ds': ds, 'dnskey': dnskey, 'is-new': isNew};
+          this.extraComponentBind = {
+            'domain': d.name,
+            'ds': ds,
+            'dnskey': dnskey,
+            'is-new': isNew,
+            'delegation': d,
+          };
           this.extraComponentName = 'DomainSetupDialog';
         },
+        async runDelegationCheck(domain) {
+          const url = this.resourcePath(this.paths.delegationCheck, domain, ':');
+          await withWorking(this.error, () => HTTP
+              .post(url)
+              .then(r => {
+                Object.assign(domain, r.data);
+                this.showDomainInfo(domain);
+              })
+          );
+        },
         handleRowClick: (value) => {
           this.$router.push({name: 'domain', params: {domain: value.name}});
         },
     }
   },
   computed: {
-    actions() {
+        actions() {
       return {
         'info': {
           go: d => this.showDomainInfo(d),
           icon: mdiInformation,
           tooltip: 'Setup instructions',
         },
+        'delegation_check': {
+          go: d => this.runDelegationCheck(d),
+          icon: mdiRefresh,
+          tooltip: 'Check delegation status',
+        },
         'export': {
           go: d => this.exportDomain(d),
           icon: mdiDownload,
@@ -139,15 +207,28 @@ export default {
       return this.limit_domains != null ? Math.max(this.limit_domains - this.rows.length, 0) : Infinity;
     },
     createInhibited: function () {
-      return this.availableCount <= 0;
+      return this.availableCount <= 0
+        || this.limit_insecure_domains === 0
+        || (this.limit_insecure_domains != null
+          && this.insecure_delegated_domains >= this.limit_insecure_domains);
     },
   },
   async created() {
     const self = this;
     await withWorking(this.error, () => HTTP
         .get('auth/account/')
-        .then(r => self.limit_domains = r.data.limit_domains)
+        .then(r => {
+          self.limit_domains = r.data.limit_domains;
+          self.limit_insecure_domains = r.data.limit_insecure_domains ?? null;
+          self.insecure_delegated_domains = r.data.insecure_delegated_domains ?? 0;
+        })
     );
   },
 };
 </script>
+
+<style scoped>
+.domain-name-col {
+  white-space: nowrap;
+}
+</style>
diff --git a/www/webapp/src/views/CrudListToken.vue b/www/webapp/src/views/CrudListToken.vue
index ca50b712d..06f4d794c 100644
--- a/www/webapp/src/views/CrudListToken.vue
+++ b/www/webapp/src/views/CrudListToken.vue
@@ -42,7 +42,7 @@ export default {
             datatype: GenericText.name,
             searchable: true,
             fieldProps: (item) => (
-                item.mfa !== null
+                item?.id && item.mfa != null
                     ? { value_override: item.id == useUserStore().token.id ? 'current log-in token' : 'previous log-in token' }
                     : {}
             ),
diff --git a/www/webapp/src/views/DeleteAccount.vue b/www/webapp/src/views/DeleteAccount.vue
index 9ef179e84..41f98bc74 100644
--- a/www/webapp/src/views/DeleteAccount.vue
+++ b/www/webapp/src/views/DeleteAccount.vue
@@ -20,7 +20,6 @@
                     <v-card class="elevation-12 pb-4">
                         <v-toolbar
                                 color="primary"
-                                dark
                                 flat
                         >
                             <v-toolbar-title>Delete Account</v-toolbar-title>
@@ -36,31 +35,29 @@
                             <v-text-field
                                     v-model="email"
                                     label="Current Email"
-                                    prepend-icon="mdi-blank"
-                                    outlined
+                                    variant="outlined"
                                     required
                                     :disabled="true"
                                     validate-on-blur
                             />
                             <v-text-field
                                     v-model="password"
-                                    :append-icon="show ? mdiEyeOff : mdiEye"
-                                    prepend-icon="mdi-blank"
-                                    outlined
+                                    :append-inner-icon="show ? mdiEyeOff : mdiEye"
+                                    variant="outlined"
                                     label="Password"
                                     required
                                     :rules="[rules.required]"
                                     :type="show ? 'text' : 'password'"
                                     :error-messages="password_errors"
                                     @change="password_errors=[]"
-                                    @click:append="show = !show"
+                                    @click:append-inner="show = !show"
                                     ref="password"
                                     tabindex="1"
                             ></v-text-field>
                         </v-card-text>
                         <v-card-actions class="justify-center">
                             <v-btn
-                                    depressed
+                                    variant="flat"
                                     color="primary"
                                     type="submit"
                                     :loading="working"
@@ -115,7 +112,8 @@
         return this.$refs.password.focus();
       },
       async deleteAccount() {
-        if (!this.$refs.form.validate()) {
+        const { valid } = await this.$refs.form.validate();
+        if (!valid) {
           return;
         }
         this.working = true;
diff --git a/www/webapp/src/views/DomainSetup.vue b/www/webapp/src/views/DomainSetup.vue
index 97df64f80..7c21951d3 100644
--- a/www/webapp/src/views/DomainSetup.vue
+++ b/www/webapp/src/views/DomainSetup.vue
@@ -1,17 +1,14 @@
 <template>
-  <div v-if="hasAutomaticDelegationMaintenance">
+  <div v-if="showAllSet">
     <p class="mt-4">
-      Your domain is fully configured.
+      Your domain is securely delegated and DNSSEC is active.
     </p>
   </div>
   <div v-else>
-    <p class="mt-4">
-      The following steps need to be completed in order to use your domain with deSEC.
-    </p>
 
     <div v-if="!user.authenticated">
       <div class="my-2 text-h6">
-        <v-icon class="primary--text">{{ mdiNumeric0Circle }}</v-icon>
+        <v-icon class="text-primary" :icon="mdiNumeric0Circle" />
         Configure your DNS records
       </div>
       <p>Before delegating your domain, you might want to take the following steps:</p>
@@ -22,20 +19,20 @@
       </ul>
     </div>
 
-    <div class="my-2 text-h6">
-      <v-icon class="primary--text">{{ mdiNumeric1Circle }}</v-icon>
+    <div class="my-2 text-h6" v-if="showStep1">
+      <v-icon class="text-primary" :icon="mdiNumeric1Circle" />
       Delegate your domain
     </div>
-    <p>
+    <p v-if="showStep1">
       Forward the following information to the organization/person where you bought the domain
       <strong>{{ domain }}</strong> (usually your provider or technical administrator).
     </p>
-    <v-expansion-panels class="mb-4">
+    <v-expansion-panels class="mb-4" v-if="showStep1">
       <v-expansion-panel>
-        <v-expansion-panel-header class="primary lighten-4">
-          <span><v-icon>{{ mdiAlert }}</v-icon> Moving a domain that had DNSSEC enabled before? Read this!</span>
-        </v-expansion-panel-header>
-        <v-expansion-panel-content>
+        <v-expansion-panel-title class="bg-primary-lighten-4">
+          <span><v-icon :icon="mdiAlert" /> Moving a domain that had DNSSEC enabled before? Read this!</span>
+        </v-expansion-panel-title>
+        <v-expansion-panel-text>
           <div class="mt-4">
             <strong>Be careful!</strong>
             Simply replacing records can cause errors, because resolvers may have old NS or DNSSEC settings cached.
@@ -49,17 +46,17 @@
               </li>
             </ul>
           </div>
-        </v-expansion-panel-content>
+        </v-expansion-panel-text>
       </v-expansion-panel>
     </v-expansion-panels>
-    <v-card class="mb-4" v-if="ns">
-      <v-card-title class="grey lighten-2">
+    <v-card class="mb-4" v-if="ns && showStep1">
+      <v-card-title class="bg-grey-lighten-2">
         <v-row>
           <v-col cols="auto">Nameservers</v-col>
           <v-spacer></v-spacer>
           <v-col class="text-right">
-            <v-btn @click="copyToClipboard(ns.join('\n'))" text small>
-              <v-icon>{{ mdiContentCopy }}</v-icon>
+            <v-btn @click="copyToClipboard(ns.join('\n'))" variant="text" size="small">
+              <v-icon :icon="mdiContentCopy" />
               Copy
             </v-btn>
           </v-col>
@@ -71,13 +68,13 @@
       </v-card-text>
       <v-alert type="error" v-else>Nameservers could not be retrieved.</v-alert>
     </v-card>
-    <p>Once your provider processes this information, the Internet will start directing DNS queries to deSEC.</p>
+    <p v-if="showStep1">Once your provider processes this information, the Internet will start directing DNS queries to deSEC.</p>
 
-    <div class="my-2 text-h6">
-      <v-icon class="primary--text">{{ mdiNumeric2Circle }}</v-icon>
+    <div class="my-2 text-h6" v-if="showStep2">
+      <v-icon class="text-primary" :icon="mdiNumeric2Circle" />
       Enable DNSSEC
     </div>
-    <div v-if="user.authenticated">
+    <div v-if="user.authenticated && showStep2">
       <p>
         You also need to forward the following DNSSEC information to your domain provider.
         The exact steps depend on your provider:
@@ -86,18 +83,18 @@
       </p>
       <p class="small">
         Notes: When using block format, some providers require you to add the domain name in the beginning. (Also,
-        <a class="grey--text text--darken-1" href="https://github.com/oskar456/cds-updates" target="_blank">depending on
+        <a class="text-grey-darken-1" href="https://github.com/oskar456/cds-updates" target="_blank">depending on
         your domain's suffix</a>, we will perform this step automatically.)
       </p>
 
       <v-card class="mb-4">
-        <v-card-title class="grey lighten-2">
+        <v-card-title class="bg-grey-lighten-2">
           <v-row>
             <v-col cols="auto">DS Format</v-col>
             <v-spacer></v-spacer>
             <v-col class="text-right">
-              <v-btn @click="copyToClipboard(ds.join('\n'))" text small>
-                <v-icon>{{ mdiContentCopy }}</v-icon>
+              <v-btn @click="copyToClipboard(ds.join('\n'))" variant="text" size="small">
+                <v-icon :icon="mdiContentCopy" />
                 Copy
               </v-btn>
             </v-col>
@@ -111,13 +108,13 @@
       </v-card>
 
       <v-card>
-        <v-card-title class="grey lighten-2">
+        <v-card-title class="bg-grey-lighten-2">
           <v-row>
             <v-col cols="auto">DNSKEY Format</v-col>
             <v-spacer></v-spacer>
             <v-col class="text-right">
-              <v-btn @click="copyToClipboard(dnskey.join('\n'))" text small>
-                <v-icon>{{ mdiContentCopy }}</v-icon>
+              <v-btn @click="copyToClipboard(dnskey.join('\n'))" variant="text" size="small">
+                <v-icon :icon="mdiContentCopy" />
                 Copy
               </v-btn>
             </v-col>
@@ -130,32 +127,32 @@
         <v-alert type="error" v-else>Parameters could not be retrieved. (Are you logged in?)</v-alert>
       </v-card>
 
-      <div class="my-2 text-h6">
-        <v-icon class="primary--text">{{ mdiNumeric3Circle }}</v-icon>
+      <div class="my-2 text-h6" v-if="showStep2">
+        <v-icon class="text-primary" :icon="mdiNumeric3Circle" />
         Check Setup
       </div>
-      <p>
+      <p v-if="showStep2">
         All set up correctly? <a :href="`https://dnssec-analyzer.verisignlabs.com/${domain}`" target="_blank">Take a
         look at DNSSEC Analyzer</a> to check the status of your domain.
       </p>
     </div>
-    <div v-else>
+    <div v-else-if="showStep2">
       <p>
         To enable DNSSEC, you will also need to forward some information to your domain provider.
-        You can retrieve this information by logging in, and then clicking on the <v-icon>{{ mdiInformation }}</v-icon> button next to your domain name.
+        You can retrieve this information by logging in, and then clicking on the <v-icon :icon="mdiInformation" /> button next to your domain name.
       </p>
     </div>
 
     <!-- copy snackbar -->
     <v-snackbar v-model="snackbar">
-      <v-icon v-if="snackbar_icon">{{ snackbar_icon }}</v-icon>
+      <v-icon v-if="snackbar_icon" :icon="snackbar_icon" />
       {{ snackbar_text }}
 
-      <template #action="{ attrs }">
+      <template #actions="{ props }">
         <v-btn
             color="pink"
-            text
-            v-bind="attrs"
+            variant="text"
+            v-bind="props"
             @click="snackbar = false"
         >
           Close
@@ -188,6 +185,10 @@ export default {
       type: Array,
       default: () => [],
     },
+    delegation: {
+      type: Object,
+      default: null,
+    },
     ns: {
       type: Array,
       default: () => import.meta.env.VITE_APP_DESECSTACK_NS.split(' ').map(v => `${v}.`),
@@ -218,6 +219,29 @@ export default {
           )
       )
     },
+    showAllSet() {
+      return this.delegation?.is_secured === true;
+    },
+    showStep1() {
+      const delegation = this.delegation || {};
+      if (!delegation.delegation_checked) {
+        return true;
+      }
+      if (delegation.is_registered === false) {
+        return true;
+      }
+      return delegation.is_delegated == null || delegation.is_delegated === false;
+    },
+    showStep2() {
+      const delegation = this.delegation || {};
+      if (!delegation.delegation_checked) {
+        return false;
+      }
+      if (delegation.is_delegated !== true) {
+        return false;
+      }
+      return delegation.is_secured !== true;
+    },
   },
   methods: {
     copyToClipboard: async function (text) {
diff --git a/www/webapp/src/views/DomainSetupPage.vue b/www/webapp/src/views/DomainSetupPage.vue
index 005bee7a2..622914181 100644
--- a/www/webapp/src/views/DomainSetupPage.vue
+++ b/www/webapp/src/views/DomainSetupPage.vue
@@ -5,7 +5,6 @@
         <v-card>
           <v-toolbar
               color="primary"
-              dark
               flat
           >
             <v-toolbar-title>Setup Instructions for <b>{{ domain }}</b></v-toolbar-title>
@@ -28,7 +27,7 @@
             the answer there.
           </v-card-text>
           <v-card-actions>
-            <v-btn block outlined :to="{name: 'talk'}">Find Help</v-btn>
+            <v-btn block variant="outlined" :to="{name: 'talk'}">Find Help</v-btn>
           </v-card-actions>
         </v-card>
       </v-col>
@@ -40,7 +39,7 @@
             If you like our service, please consider donating.
           </v-card-text>
           <v-card-actions>
-            <v-btn block outlined :to="{name: 'donate'}">Donate</v-btn>
+            <v-btn block variant="outlined" :to="{name: 'donate'}">Donate</v-btn>
           </v-card-actions>
         </v-card>
       </v-col>
diff --git a/www/webapp/src/views/DonatePage.vue b/www/webapp/src/views/DonatePage.vue
index b8cbcb13c..f6f6e3fe5 100644
--- a/www/webapp/src/views/DonatePage.vue
+++ b/www/webapp/src/views/DonatePage.vue
@@ -16,7 +16,6 @@
         <v-card>
           <v-toolbar
                   color="primary"
-                  dark
                   flat
           >
             <v-toolbar-title>Donate</v-toolbar-title>
@@ -24,30 +23,30 @@
           <v-card-text>
             <v-expansion-panels class="mb-4" focusable>
               <v-expansion-panel>
-                <v-expansion-panel-header class="text-subtitle-1">
-                  <v-layout>
-                    <v-icon class="mr-2">{{ mdiBankTransferIn }}</v-icon> Direct Debit – Let us Take your Money (Europe)
-                  </v-layout>
-                </v-expansion-panel-header>
-                <v-expansion-panel-content class="pt-4">
+                <v-expansion-panel-title class="text-subtitle-1">
+                  <v-row>
+                    <v-icon class="mr-2" :icon="mdiBankTransferIn" /> Direct Debit – Let us Take your Money (Europe)
+                  </v-row>
+                </v-expansion-panel-title>
+                <v-expansion-panel-text class="pt-4">
                   <p>
                     With your permission, we debit your donation directly from your European bank account.
                     To give us permission, use this form:
                   </p>
                   <DonateDirectDebitForm/>
-                </v-expansion-panel-content>
+                </v-expansion-panel-text>
               </v-expansion-panel>
               <v-expansion-panel>
-                <v-expansion-panel-header class="text-subtitle-1">
-                  <v-layout>
-                    <v-icon class="mr-2">{{ mdiBankTransferOut }}</v-icon> Bank Transfer – Send us Money (Europe)
-                  </v-layout>
-                </v-expansion-panel-header>
-                <v-expansion-panel-content class="pt-4">
+                <v-expansion-panel-title class="text-subtitle-1">
+                  <v-row>
+                    <v-icon class="mr-2" :icon="mdiBankTransferOut" /> Bank Transfer – Send us Money (Europe)
+                  </v-row>
+                </v-expansion-panel-title>
+                <v-expansion-panel-text class="pt-4">
                   <p>
                     We're happy to accept donations via bank transfer. Please use the following account details:
                   </p>
-                  <v-simple-table>
+                  <v-table>
                     <tbody>
                     <tr>
                       <td>Recipient</td>
@@ -62,19 +61,19 @@
                       <td>GENODEF1SLR</td>
                     </tr>
                     </tbody>
-                  </v-simple-table>
+                  </v-table>
                   <div class="text-center">
                     <qrcode-vue :value="bank_transfer_epc" size="300"/>
                   </div>
-                </v-expansion-panel-content>
+                </v-expansion-panel-text>
               </v-expansion-panel>
               <v-expansion-panel>
-                <v-expansion-panel-header class="text-subtitle-1">
-                  <v-layout>
-                    <v-icon class="mr-2">{{ mdiCreditCardOutline }}</v-icon> Credit Card
-                  </v-layout>
-                </v-expansion-panel-header>
-                <v-expansion-panel-content class="pt-4">
+                <v-expansion-panel-title class="text-subtitle-1">
+                  <v-row>
+                    <v-icon class="mr-2" :icon="mdiCreditCardOutline" /> Credit Card
+                  </v-row>
+                </v-expansion-panel-title>
+                <v-expansion-panel-text class="pt-4">
                   <p>
                     To donate by credit card, <strong>please use <a href="https://liberapay.com/deSEC/donate"
                     target="_blank">our account at Liberapay</a></strong>.
@@ -84,46 +83,46 @@
                     the automatic payment plan right after your first donation. However, as our costs are recurring, we
                     actually do appreciate recurring donations.
                   </p>
-                </v-expansion-panel-content>
+                </v-expansion-panel-text>
               </v-expansion-panel>
               <v-expansion-panel>
-                <v-expansion-panel-header class="text-subtitle-1">
-                  <v-layout>
-                    <v-icon class="mr-2">{{ mdiGithub }}</v-icon> GitHub Sponsors
-                  </v-layout>
-                </v-expansion-panel-header>
-                <v-expansion-panel-content class="pt-4">
+                <v-expansion-panel-title class="text-subtitle-1">
+                  <v-row>
+                    <v-icon class="mr-2" :icon="mdiGithub" /> GitHub Sponsors
+                  </v-row>
+                </v-expansion-panel-title>
+                <v-expansion-panel-text class="pt-4">
                   <p>
                     <strong><a href="https://github.com/sponsors/desec-io" target="_blank">Click here</a> to donate via
                     GitHub.</strong>
                   </p>
-                </v-expansion-panel-content>
+                </v-expansion-panel-text>
               </v-expansion-panel>
               <v-expansion-panel>
-                <v-expansion-panel-header class="text-subtitle-1">
-                  <v-layout>
-                    <v-icon class="mr-2">{{ mdiGiftOutline }}</v-icon> PayPal
-                  </v-layout>
-                </v-expansion-panel-header>
-                <v-expansion-panel-content class="pt-4">
+                <v-expansion-panel-title class="text-subtitle-1">
+                  <v-row>
+                    <v-icon class="mr-2" :icon="mdiGiftOutline" /> PayPal
+                  </v-row>
+                </v-expansion-panel-title>
+                <v-expansion-panel-text class="pt-4">
                   <p>
                     <strong><a href="https://www.paypal.com/donate?hosted_button_id=GPGXGLA4SU78W" target="_blank">Click
                     here</a> or use the below QR code to donate via PayPal.</strong>
                     Note that PayPal charges us the highest fees of all, so if
                     you can use one of the other methods, that would be appreciated!
                   </p>
-                  <v-layout class="justify-center">
+                  <v-row class="justify-center">
                     <v-img src="../assets/paypal-qrcode.png" alt="PayPal QR Code" style="max-width: 256px"></v-img>
-                  </v-layout>
-                </v-expansion-panel-content>
+                  </v-row>
+                </v-expansion-panel-text>
               </v-expansion-panel>
               <v-expansion-panel>
-                <v-expansion-panel-header class="text-subtitle-1">
-                  <v-layout>
-                    <v-icon class="mr-2">{{ mdiBitcoin }}</v-icon> Crypto Currency (BTC, ETH, LTC)
-                  </v-layout>
-                </v-expansion-panel-header>
-                <v-expansion-panel-content class="pt-4">
+                <v-expansion-panel-title class="text-subtitle-1">
+                  <v-row>
+                    <v-icon class="mr-2" :icon="mdiBitcoin" /> Crypto Currency (BTC, ETH, LTC)
+                  </v-row>
+                </v-expansion-panel-title>
+                <v-expansion-panel-text class="pt-4">
                   <p>If you prefer to donate in a crypto currency, you can use the following wallets:</p>
                   <table>
                     <tr>
@@ -140,15 +139,15 @@
                     </tr>
                   </table>
                   <p class="mt-4">Note that we cannot provide you a donation receipt for crypto donations.</p>
-                </v-expansion-panel-content>
+                </v-expansion-panel-text>
               </v-expansion-panel>
               <v-expansion-panel>
-                <v-expansion-panel-header class="text-subtitle-1">
-                  <v-layout>
-                    <v-icon class="mr-2">{{ mdiHeartMultipleOutline }}</v-icon> Double-up with Your Employer
-                  </v-layout>
-                </v-expansion-panel-header>
-                <v-expansion-panel-content class="pt-4">
+                <v-expansion-panel-title class="text-subtitle-1">
+                  <v-row>
+                    <v-icon class="mr-2" :icon="mdiHeartMultipleOutline" /> Double-up with Your Employer
+                  </v-row>
+                </v-expansion-panel-title>
+                <v-expansion-panel-text class="pt-4">
                   <p>
                     Many employers <b>double donations</b> initiated by their employees. Donations often happen through
                     dedicated facilitation platforms such as
@@ -158,7 +157,7 @@
                     Make sure to <b>check with your company</b> if you're eligible for a co-donation, and double the
                     impact!
                   </p>
-                </v-expansion-panel-content>
+                </v-expansion-panel-text>
               </v-expansion-panel>
             </v-expansion-panels>
             <p>
@@ -174,11 +173,10 @@
           </v-card-text>
         </v-card>
       </v-col>
-      <v-col col="12" md="6">
+      <v-col cols="12" md="6">
         <v-card>
           <v-toolbar
                   color="primary"
-                  dark
                   flat
           >
             <v-toolbar-title>Support our Quest</v-toolbar-title>
diff --git a/www/webapp/src/views/DynSetup.vue b/www/webapp/src/views/DynSetup.vue
index b827479a1..87aae0e33 100644
--- a/www/webapp/src/views/DynSetup.vue
+++ b/www/webapp/src/views/DynSetup.vue
@@ -15,7 +15,6 @@
         <v-card class="elevation-12">
           <v-toolbar
                   color="primary"
-                  dark
                   flat
           >
             <v-toolbar-title>Domain Registration Completed</v-toolbar-title>
@@ -42,14 +41,14 @@
             </p>
             <v-expansion-panels class="mb-4" focusable>
               <v-expansion-panel>
-                <v-expansion-panel-header class="text-subtitle-1">Configure Your Router</v-expansion-panel-header>
-                <v-expansion-panel-content>
+                <v-expansion-panel-title class="text-subtitle-1">Configure Your Router</v-expansion-panel-title>
+                <v-expansion-panel-text>
                   <p>
                     To continuously update your domain to point to your home router, configure your
                     router or any other dynamic DNS client in your network with the following parameters:
                   </p>
 
-                  <v-simple-table>
+                  <v-table>
                     <tbody>
                     <tr>
                       <td>URL</td>
@@ -64,7 +63,7 @@
                       <td class="fixed-width">{{ token }}</td>
                     </tr>
                     </tbody>
-                  </v-simple-table>
+                  </v-table>
 
                   <p>
                     Please only update your IP address when it has changed. If your client is
@@ -72,11 +71,11 @@
                     <a href="https://desec.readthedocs.io/en/latest/dyndns/configure.html">documentation</a>
                     for alternative IP update approaches.
                   </p>
-                </v-expansion-panel-content>
+                </v-expansion-panel-text>
               </v-expansion-panel>
               <v-expansion-panel>
-                <v-expansion-panel-header class="text-subtitle-1">One-Off Manual Update</v-expansion-panel-header>
-                <v-expansion-panel-content>
+                <v-expansion-panel-title class="text-subtitle-1">One-Off Manual Update</v-expansion-panel-title>
+                <v-expansion-panel-text>
                   <p>
                     Your domain can be configured to your current public IP address as seen by our servers.
                     To update your IP, open the following link in any way.
@@ -84,17 +83,17 @@
                   <p>
                     <a :href="updateURL" class="fixed-width">{{ updateURL }}</a>
                   </p>
-                </v-expansion-panel-content>
+                </v-expansion-panel-text>
               </v-expansion-panel>
               <v-expansion-panel>
-                <v-expansion-panel-header class="text-subtitle-1">Alternative IP Update Approaches</v-expansion-panel-header>
-                <v-expansion-panel-content>
+                <v-expansion-panel-title class="text-subtitle-1">Alternative IP Update Approaches</v-expansion-panel-title>
+                <v-expansion-panel-text>
                   <p>
                     For alternative approaches to updating your IP address and for a
                     detailed explanation of the update protocol, please refer to our
                     <a href="https://desec.readthedocs.io/en/latest/dyndns/update-api.html">documentation</a>.
                   </p>
-                </v-expansion-panel-content>
+                </v-expansion-panel-text>
               </v-expansion-panel>
             </v-expansion-panels>
             <p>
@@ -110,7 +109,7 @@
                 Please verify that your client is using the credentials provided by deSEC and then come back to check
                 again.
               </p>
-              <v-btn depressed outlined block @click="check" :loading="working">Check Again</v-btn>
+              <v-btn variant="outlined" block @click="check" :loading="working">Check Again</v-btn>
             </v-alert>
             <v-alert type="success" v-if="ips !== undefined && ips.length > 0">
               <p>
@@ -129,7 +128,7 @@
                 Enjoy!
               </p>
               <p>
-                <v-btn depressed outlined block @click="check" :loading="working">Update</v-btn>
+                <v-btn variant="outlined" block @click="check" :loading="working">Update</v-btn>
               </p>
               <p>
                 Please note that deSEC only assigns your IP address to your domain name.
@@ -144,7 +143,7 @@
                 for dynamic DNS only, but enables to you add more domains and other DNS information.
                 You can also assign a password later at any time.
               </p>
-              <v-btn outlined block :to="{name: 'reset-password'}">
+              <v-btn variant="outlined" block :to="{name: 'reset-password'}">
                 Assign Account Password
               </v-btn>
             </div>
@@ -155,7 +154,7 @@
               If you like our service, please consider donating.
             </p>
             <p>
-              <v-btn block outlined :to="{name: 'donate'}">Donate</v-btn>
+              <v-btn block variant="outlined" :to="{name: 'donate'}">Donate</v-btn>
             </p>
           </v-card-text>
           <v-card-actions>
diff --git a/www/webapp/src/views/HomePage.vue b/www/webapp/src/views/HomePage.vue
index 2cc5ddbe9..6d57d9e88 100644
--- a/www/webapp/src/views/HomePage.vue
+++ b/www/webapp/src/views/HomePage.vue
@@ -1,6 +1,6 @@
 <template>
   <div>
-  <v-card outline tile class="pa-md-12 pa-8 elevation-4" style="overflow: hidden">
+  <v-card variant="outlined" tile class="pa-md-12 pa-8 elevation-4" style="overflow: hidden">
     <div class="d-none d-md-block triangle-bg"></div>
     <v-container class="pa-0">
       <v-row align="center">
@@ -16,7 +16,7 @@
             </p>
           </div>
           <div class="pa-2" style="width: 84%" v-if="!user.authenticated">
-            <v-form @submit.prevent="signup" :value="valid" ref="form">
+            <v-form @submit.prevent="signup" v-model="valid" ref="form">
               <v-row>
                 <v-col class="pb-0">
                   <v-radio-group
@@ -24,7 +24,7 @@
                           class="pb-2"
                           hide-details
                           row
-                          @change="$router.push({query: {domainType: domainType}})"
+                          @update:modelValue="$router.push({query: {domainType}})"
                   >
                     <span class="pb-2 pr-4">Start with ...</span>
                     <v-radio class="pb-2" label="dynDNS domain" value="dynDNS"></v-radio>
@@ -35,8 +35,7 @@
               <v-row>
                 <v-col class="py-0">
                   <v-text-field
-                    outlined
-                    flat
+                    variant="outlined"
                     v-model="email"
                     :prepend-inner-icon="mdiEmail"
                     type="email"
@@ -49,8 +48,8 @@
                   <v-btn
                     color="primary"
                     type="submit"
-                    depressed
-                    x-large
+                    variant="flat"
+                    size="x-large"
                   >
                     Create Account
                   </v-btn>
@@ -65,15 +64,15 @@
   <v-container fluid>
     <v-container>
       <v-row justify="center" class="py-8">
-        <v-col class="col-12 col-sm-4 text-center" v-for="f in features" :key="f.title">
-          <v-icon x-large>{{ f.icon }}</v-icon>
-          <h1 class="grey--text text--darken-2"><span>{{ f.title }}</span></h1>
+        <v-col cols="12" sm="4" class="text-center" v-for="f in features" :key="f.title">
+          <v-icon size="x-large" :icon="f.icon" />
+          <h1 class="text-grey-darken-2"><span>{{ f.title }}</span></h1>
           <p v-html="f.text"></p>
         </v-col>
       </v-row>
     </v-container>
   </v-container>
-  <v-container fluid class="grey lighten-4">
+  <v-container fluid class="bg-grey-lighten-4">
     <v-container class="py-8">
       <v-row align="center">
         <v-col class="text-center">
@@ -82,25 +81,25 @@
       </v-row>
       <v-row align="center" class="py-2" justify="center">
         <v-col class="col-12 col-lg-3 py-4">
-          <v-layout class="justify-center">
+          <v-row class="justify-center">
             <img loading="lazy" src="../assets/non-free/icann.logo.svg" alt="ICANN Logo" class="mr-6" style="max-width: 160px; width: 100%"/>
-          </v-layout>
+          </v-row>
         </v-col>
         <v-col class="col-12 col-sm-10 col-lg-9 py-4 text-center">
           In our project "Closing the DNSSEC Maturity Gap through Automation", we develop technical solutions that
           enable automatic deployment of DNSSEC, and work with DNS and domain industry players to facilitate real-world
           introduction of these automation standards. This project is supported by the
-          <a class="primary--text text--darken-2" href="https://www.icann.org/en/grant-program">ICANN Grant Program</a>.
+          <a class="text-primary" href="https://www.icann.org/en/grant-program">ICANN Grant Program</a>.
         </v-col>
       </v-row>
       <v-row align="center" class="py-2" justify="center">
         <v-col class="col-12 col-lg-3 py-4">
-          <v-layout class="justify-center">
+          <v-row class="justify-center">
             <img loading="lazy" src="../assets/non-free/nlnet.logo.svg" alt="NLnet Foundation Logo" class="mr-6" style="max-width: 180px; width: 100%"/>
-          </v-layout>
+          </v-row>
         </v-col>
         <v-col class="col-12 col-sm-10 col-lg-9 py-4 text-center">
-          deSEC received funding through <a class="primary--text text--darken-2" href="https://nlnet.nl/">NLnet
+          deSEC received funding through <a class="text-primary" href="https://nlnet.nl/">NLnet
           Foundation</a> for its work on the automation and future viability of DNSSEC. The <strong>NGI Assure</strong>
           fund, established with financial support from the European Commission's <strong>Next Generation
           Internet</strong> programme, is dedicated to technologies providing strong assurances about the Internet's
@@ -109,24 +108,24 @@
       </v-row>
       <v-row align="center" class="py-2" justify="center">
         <v-col class="col-12 col-lg-3 py-4">
-          <v-layout class="justify-center">
+          <v-row class="justify-center">
             <img loading="lazy" src="../assets/non-free/ripe-ncc.logo.svg" alt="RIPE NCC Logo" class="mr-6" style="margin-bottom: -7%; margin-top: -7%; max-width: 240px; width: 100%"/>
-          </v-layout>
+          </v-row>
         </v-col>
         <v-col class="col-12 col-sm-10 col-lg-9 py-4 text-center">
-          Through their Community Projects Fund, <a class="primary--text text--darken-2" href="https://ripe.net/">RIPE NCC</a>
+          Through their Community Projects Fund, <a class="text-primary" href="https://ripe.net/">RIPE NCC</a>
           in 2023 supported the ongoing operation of our DNS platform and covers global Anycast network expenses in
           particular. We greatly appreciate their support.
         </v-col>
       </v-row>
       <v-row align="center" class="py-2" justify="center">
         <v-col class="col-12 col-lg-3 py-4">
-          <v-layout class="justify-center">
+          <v-row class="justify-center">
             <img loading="lazy" src="../assets/non-free/eu.logo.svg" alt="EU Logo" class="mr-6" style="margin-bottom: 0; margin-top: 0; max-width: 200px; width: 100%"/>
-          </v-layout>
+          </v-row>
         </v-col>
         <v-col class="col-12 col-sm-10 col-lg-9 py-4 text-center">
-          As a <a class="primary--text text--darken-2" href="https://www.joindns4.eu/">DNS4EU</a> consortium member,
+          As a <a class="text-primary" href="https://www.joindns4.eu/">DNS4EU</a> consortium member,
           deSEC works to ensure implementation of robust and modern DNS security and privacy features.
           This includes support for state-of-the-art DNSSEC as well as encrypted DNS transport.<br />
           The project is co-funded by the European Union (project number: 101095329 21-EU-DIG-EU-DNS, project name:
@@ -144,9 +143,9 @@
       </v-row>
       <v-row align="center" class="py-2" justify="center">
         <v-col class="col-12 col-lg-3 py-4">
-          <v-layout class="justify-center">
+          <v-row class="justify-center">
             <a href="https://www.joindns4.eu/"><img loading="lazy" src="../assets/non-free/dns4eu.logo.svg" alt="DNS4EU Logo" class="mr-6" style="margin-bottom: 0; margin-top: 0; max-width: 210px; width: 100%"/></a>
-          </v-layout>
+          </v-row>
         </v-col>
         <v-col class="col-12 col-sm-10 col-lg-9 py-4 text-center">
           DNS4EU is an initiative of the European Commission to provide an EU-based alternative public DNS resolver.
@@ -162,18 +161,18 @@
       </v-row>
     </v-container>
   </v-container>
-  <v-container fluid class="grey lighten-4">
+  <v-container fluid class="bg-grey-lighten-4">
     <v-container>
       <v-row align="center" justify="center">
         <v-card
           class="mx-auto col-12"
-          color="grey lighten-5"
+          color="grey-lighten-5"
         >
           <v-card-text
                   class="pt-6"
                   style="position: relative;"
           >
-            <h3 class="text-h4 mb-2 text--darken-2 grey--text text-center">
+            <h3 class="text-h4 mb-2 text-grey-darken-2 text-center">
               deSEC Global Anycast Networks
             </h3>
             <div class="font-weight-light text-h6 mb-2">
@@ -190,20 +189,22 @@
             class="justify-center"
             style="display: block; width: 100%; aspect-ratio: 2/1"
           >
-            <v-tooltip bottom v-for="f in frontends" :key="f.host">
-              <template #activator="{ on }">
+            <v-tooltip location="bottom" v-for="f in frontends" :key="f.host">
+              <template #activator="{ props }">
                 <v-icon
-                  v-on="on"
-                  large
+                  v-bind="props"
+                  size="large"
                   style="transform: translate(-50%, -100%); position: absolute"
                   :style="{color: f.adopted_by ? 'black' : 'rgba(0, 0, 0, 0.60)', left: f.left, top: f.top}"
-                >{{ f.adopted_by ? mdiMapMarkerStar : mdiMapMarker }}</v-icon>
+                  :icon="f.adopted_by ? mdiMapMarkerStar : mdiMapMarker"
+                />
                 <v-icon
                   v-if="!!f.adopted_by"
-                  large
+                  size="large"
                   style="color: gold; transform: translate(-50%, -100%); position: absolute"
                   :style="{left: f.left, top: f.top}"
-                >{{ mdiMapMarkerStarOutline }}</v-icon>
+                  :icon="mdiMapMarkerStarOutline"
+                />
               </template>
               <span>
                 {{ f.name }}<span v-if="f.adopted_by">, sponsored by {{ f.adopted_by }}</span>
@@ -255,7 +256,8 @@ export default {
   },
   methods: {
     async signup() {
-      if (this.$refs.form.validate()) {
+      const { valid } = await this.$refs.form.validate();
+      if (valid) {
         this.$router.push({name: 'signup', params: this.email ? {email: this.email} : {}, query: {domainType: this.domainType}});
       }
     },
diff --git a/www/webapp/src/views/LoginPage.vue b/www/webapp/src/views/LoginPage.vue
index ff12ed84d..791d01d14 100644
--- a/www/webapp/src/views/LoginPage.vue
+++ b/www/webapp/src/views/LoginPage.vue
@@ -20,7 +20,6 @@
           <v-card class="elevation-12 pb-4">
             <v-toolbar
                     color="primary"
-                    dark
                     flat
             >
               <v-toolbar-title>Log In</v-toolbar-title>
@@ -30,7 +29,7 @@
               <v-text-field
                 v-model="email"
                 label="Email"
-                outlined
+                variant="outlined"
                 required
                 :rules="email_rules"
                 :error-messages="email_errors"
@@ -40,28 +39,28 @@
               <v-text-field
                 v-model="password"
                 label="Password"
-                :append-icon="hide_password ? mdiEyeOff : mdiEye"
+                :append-inner-icon="hide_password ? mdiEyeOff : mdiEye"
                 :type="hide_password ? 'password' : 'text'"
-                outlined
+                variant="outlined"
                 required
                 :rules="password_rules"
                 tabindex="2"
-                @click:append="() => (hide_password = !hide_password)"
+                @click:append-inner="() => (hide_password = !hide_password)"
               />
-              <v-layout class="justify-center">
+              <v-row class="justify-center">
                 <v-checkbox
                   v-model="useSessionStorage"
                   label="Remember me during this browser session"
                   tabindex="3"
                 />
-              </v-layout>
+              </v-row>
               <p class="text-center"><strong>Note:</strong> Login sessions expire after 1 hour of inactivity, or after 7 days at the latest.</p>
             </v-card-text>
             <v-card-actions class="justify-center">
               <v-btn
                 type="submit"
                 color="primary"
-                depressed
+                variant="flat"
                 :disabled="!valid"
                 :loading="working"
                 tabindex="4"
@@ -70,7 +69,7 @@
               </v-btn>
               <v-btn
                 id="forgotPassword"
-                text
+                variant="text"
                 color="primary"
                 :to="{name: 'reset-password', params: email ? {email: email} : {}}"
                 tabindex="5"
diff --git a/www/webapp/src/views/MFA.vue b/www/webapp/src/views/MFA.vue
index e2dee7540..385e6e9d1 100644
--- a/www/webapp/src/views/MFA.vue
+++ b/www/webapp/src/views/MFA.vue
@@ -20,7 +20,7 @@
         <v-card-text class="text-center">
           <div>
             <p class="mt-2">
-              <v-icon>{{ mdiNumeric1Circle }}</v-icon>
+              <v-icon :icon="mdiNumeric1Circle" />
               Please select a TOTP token:
             </p>
             <v-container class="pa-0">
@@ -28,7 +28,7 @@
                 <v-col cols="12" sm="6">
                   <v-select
                     :items="factors"
-                    item-text="name"
+                    item-title="name"
                     item-value="id"
                     v-model="id"
                     label="Token"
@@ -39,7 +39,7 @@
             </v-container>
 
             <p class="mt-6">
-              <v-icon>{{ mdiNumeric2Circle }}</v-icon>
+              <v-icon :icon="mdiNumeric2Circle" />
               Enter the code displayed in the authenticator app to continue:
             </p>
             <v-container class="pa-0">
@@ -59,7 +59,7 @@
               <v-row dense align="center" class="justify-center">
                 <v-col cols="auto">
                   <v-btn
-                          depressed
+                          variant="flat"
                           color="primary"
                           type="submit"
                           :disabled="working || code.length != 6"
@@ -111,7 +111,8 @@ export default {
   },
   methods: {
     async verify() {
-      if (!this.$refs.form.validate()) {
+      const { valid } = await this.$refs.form.validate();
+      if (!valid) {
         return;
       }
       this.working = true;
diff --git a/www/webapp/src/views/PrivacyPolicy.vue b/www/webapp/src/views/PrivacyPolicy.vue
index 7fb3ad61a..5f6071cbd 100644
--- a/www/webapp/src/views/PrivacyPolicy.vue
+++ b/www/webapp/src/views/PrivacyPolicy.vue
@@ -1,6 +1,6 @@
 <template>
   <div>
-    <v-container fluid class="grey lighten-4">
+  <v-container fluid class="bg-grey-lighten-4">
       <v-container>
         <v-row class="pt-8">
           <v-col class="text-center">
diff --git a/www/webapp/src/views/ResetPassword.vue b/www/webapp/src/views/ResetPassword.vue
index 4cf6c22c4..ceb06bae2 100644
--- a/www/webapp/src/views/ResetPassword.vue
+++ b/www/webapp/src/views/ResetPassword.vue
@@ -20,7 +20,6 @@
                     <v-card class="elevation-12 pb-4">
                         <v-toolbar
                                 color="primary"
-                                dark
                                 flat
                         >
                             <v-toolbar-title>Reset Account Password</v-toolbar-title>
@@ -42,8 +41,8 @@
                             <v-text-field
                                     v-model="email"
                                     label="Email"
-                                    :prepend-icon="mdiEmail"
-                                    outlined
+                                    :prepend-inner-icon="mdiEmail"
+                                    variant="outlined"
                                     required
                                     :rules="email_rules"
                                     :error-messages="email_errors"
@@ -60,7 +59,7 @@
                         </v-card-text>
                         <v-card-actions class="justify-center">
                             <v-btn
-                                    depressed
+                                    variant="flat"
                                     color="primary"
                                     type="submit"
                                     :loading="working"
@@ -123,7 +122,8 @@
         return this.$refs.emailField.focus();
       },
       async resetPassword() {
-        if (!this.$refs.form.validate()) {
+        const { valid } = await this.$refs.form.validate();
+        if (!valid) {
           return;
         }
         this.working = true;
diff --git a/www/webapp/src/views/SignUp.vue b/www/webapp/src/views/SignUp.vue
index 529e7645a..f30edefd4 100644
--- a/www/webapp/src/views/SignUp.vue
+++ b/www/webapp/src/views/SignUp.vue
@@ -21,7 +21,6 @@
           <v-card class="elevation-12 pb-4">
             <v-toolbar
                     color="primary"
-                    dark
                     flat
             >
               <v-toolbar-title>Create new Account</v-toolbar-title>
@@ -32,8 +31,8 @@
               <v-text-field
                       v-model="email"
                       label="Email"
-                      :prepend-icon="mdiEmail"
-                      outlined
+                      :prepend-inner-icon="mdiEmail"
+                      variant="outlined"
                       required
                       :rules="email_rules"
                       :error-messages="email_errors"
@@ -60,7 +59,7 @@
                   <v-alert
                       class="mb-2 ml-8 mt-0"
                       type="info"
-                      outlined
+                      variant="outlined"
                   >
                     <p class="text-h6">Limitations of Domains Registered under {{ LOCAL_PUBLIC_SUFFIXES[0] }}</p>
                     <p>
@@ -79,7 +78,6 @@
                       <v-checkbox
                             v-model="limitationsAccepted"
                             hide-details="auto"
-                            type="checkbox"
                             :rules="limitationsAccepted_rules"
                             tabindex="6"
                       >
@@ -94,8 +92,7 @@
               <v-text-field
                       v-model="domain"
                       :label="domainType === 'dynDNS' ? 'DynDNS domain' : 'Domain name'"
-                      prepend-icon="mdi-blank"
-                      outlined
+                      variant="outlined"
                       required
                       :disabled="domainType === 'none' || domainType === undefined || (domainType === 'dynDNS' && !limitationsAccepted)"
                       :rules="domainType === 'dynDNS' ? dyn_domain_rules : (domainType === 'custom' ? domain_rules : [])"
@@ -120,41 +117,39 @@
                 />
               </v-container>
 
-              <v-layout class="justify-center">
+              <v-row class="justify-center">
                 <v-checkbox
                       v-model="outreach_preference"
                       hide-details
-                      type="checkbox"
                       tabindex="5"
                 >
                   <template #label>
-                    <v-flex>
+                    <v-col>
                       Tell me about deSEC developments. No ads. <small>(recommended)</small>
-                    </v-flex>
+                    </v-col>
                   </template>
                 </v-checkbox>
-              </v-layout>
+              </v-row>
 
-              <v-layout class="justify-center">
+              <v-row class="justify-center">
                 <v-checkbox
                       v-model="terms"
                       hide-details="auto"
-                      type="checkbox"
                       :rules="terms_rules"
                       tabindex="6"
                 >
                   <template #label>
-                    <v-flex>
+                    <v-col>
                       Yes, I agree to the <span @click.stop><router-link :to="{name: 'terms'}" target="_blank">Terms of Use</router-link></span> and
                       <span @click.stop><router-link :to="{name: 'privacy-policy'}" target="_blank">Privacy Policy</router-link></span>.
-                    </v-flex>
+                    </v-col>
                   </template>
                 </v-checkbox>
-              </v-layout>
+              </v-row>
             </v-card-text>
             <v-card-actions class="justify-center">
               <v-btn
-                      depressed
+                      variant="flat"
                       class="px-4"
                       color="primary"
                       type="submit"
@@ -247,7 +242,8 @@
         return this.email ? this.$refs.domainField.focus() : this.$refs.emailField.focus();
       },
       async signup() {
-        if (!this.$refs.form.validate()) {
+        const { valid } = await this.$refs.form.validate();
+        if (!valid) {
           return;
         }
         this.working = true;
diff --git a/www/webapp/src/views/TermsPage.vue b/www/webapp/src/views/TermsPage.vue
index 081d79579..b0f91f8f0 100644
--- a/www/webapp/src/views/TermsPage.vue
+++ b/www/webapp/src/views/TermsPage.vue
@@ -21,7 +21,7 @@
       </v-row>
     </v-container>
   </v-card>
-  <v-container fluid class="grey lighten-4">
+  <v-container fluid class="bg-grey-lighten-4">
     <v-container>
       <v-row class="pt-8">
         <v-col class="text-center">
diff --git a/www/webapp/src/views/WelcomePage.vue b/www/webapp/src/views/WelcomePage.vue
index af4083ff7..1d15244a7 100644
--- a/www/webapp/src/views/WelcomePage.vue
+++ b/www/webapp/src/views/WelcomePage.vue
@@ -12,11 +12,9 @@
               sm="8"
               md="6"
       >
-        <v-form @submit.prevent="signup" ref="form">
         <v-card class="elevation-12">
           <v-toolbar
                   color="primary"
-                  dark
                   flat
           >
             <v-toolbar-title>Welcome to deSEC</v-toolbar-title>
@@ -31,10 +29,9 @@
           </v-card-text>
           <v-card-actions>
             <v-spacer/>
-            <v-btn outlined text depressed :to="{name: 'home'}">Home</v-btn>
+            <v-btn variant="outlined" :to="{name: 'home'}">Home</v-btn>
           </v-card-actions>
         </v-card>
-        </v-form>
       </v-col>
     </v-row>
   </v-container>
diff --git a/www/webapp/vite.config.js b/www/webapp/vite.config.js
index 9ebfe90ea..be3c33471 100644
--- a/www/webapp/vite.config.js
+++ b/www/webapp/vite.config.js
@@ -1,15 +1,12 @@
 /* eslint-env node */
 import {defineConfig} from 'vite'
 import {resolve} from 'node:path';
-import Components from 'unplugin-vue-components/vite'
-import {VuetifyResolver} from 'unplugin-vue-components/resolvers'
 import legacy from '@vitejs/plugin-legacy'
-import vue from '@vitejs/plugin-vue2'
+import vue from '@vitejs/plugin-vue'
+import vuetify from 'vite-plugin-vuetify'
 
 export default defineConfig({
-    define: {
-        'process.env.BUILD': '"web"' // fix for vuelidate@0.7.7
-    },
+    cacheDir: '.vite',
     css: {
         preprocessorOptions: {
             sass: {
@@ -23,13 +20,18 @@ export default defineConfig({
         vue({
             template: {
                 transformAssetUrls: {
+                    img: ['src'],
+                    image: ['xlink:href', 'href'],
+                    source: ['src', 'srcset'],
+                    video: ['src', 'poster'],
+                    audio: ['src'],
+                    use: ['xlink:href', 'href'],
                     'v-img': ['src'],
+                    'v-video': ['src', 'poster'],
                 },
             },
         }),
-        Components({
-            resolvers: [VuetifyResolver()],
-        }),
+        vuetify({ autoImport: true }),
         legacy(), // Build for old browser.
     ],
     server: {