feat: Cloudflare DNS management with automatic record sync

Add flexible DNS management to Docker Watcher. By default, wildcard DNS
is assumed (current behavior). When disabled, users can configure a
Cloudflare DNS provider with API token and zone selection. DNS A records
are automatically created/updated/deleted in sync with proxy consumers
(deployed instances and standalone proxies).

- Settings: wildcard_dns toggle, dns_provider, cloudflare credentials
- Cloudflare client: Provider interface with EnsureRecord/DeleteRecord/ListRecords
- DNS lifecycle hooks in deployer and proxy manager (best-effort)
- Settings UI: DNS config section with provider picker, zone selector, test button
- DNS Records page at /dns with filtering, sync status, reconciliation
- Records visible in both wildcard and managed modes
- Cleanup on provider change: removes old records when switching modes

web/src/lib/i18n/en.json

@@ -16,7 +16,8 @@
     "proxies": "Proxies",
     "events": "Events",
     "settings": "Settings",
-    "logout": "Log out"
+    "logout": "Log out",
+    "dns": "DNS Records"
   },
   "dashboard": {
     "title": "Dashboard",
@@ -243,7 +244,26 @@
     "noCertificate": "None (no SSL)",
     "clearCertificate": "Clear",
     "loadingCertificates": "Loading certificates...",
-    "noCertificatesFound": "No wildcard certificates found in NPM"
+    "noCertificatesFound": "No wildcard certificates found in NPM",
+    "dnsConfig": "DNS Configuration",
+    "wildcardDns": "Wildcard DNS is configured",
+    "wildcardDnsHelp": "When enabled, all subdomains resolve to your server via a wildcard DNS rule. Disable to manage DNS records per service.",
+    "dnsProvider": "DNS Provider",
+    "dnsProviderHelp": "Select a DNS provider for automatic record management",
+    "cloudflareApiToken": "Cloudflare API Token",
+    "cloudflareApiTokenHelp": "API token with DNS edit permissions for your zone",
+    "cloudflareApiTokenPlaceholder": "Enter Cloudflare API token",
+    "cloudflareApiTokenConfigured": "API token is configured",
+    "cloudflareZone": "Cloudflare Zone",
+    "cloudflareZoneHelp": "Select the DNS zone to manage records in",
+    "selectZone": "Select Zone",
+    "noZone": "No zone selected",
+    "loadingZones": "Loading zones...",
+    "noZonesFound": "No zones found for this token",
+    "testConnection": "Test Connection",
+    "testingConnection": "Testing...",
+    "connectionSuccess": "Connection successful",
+    "connectionFailed": "Connection failed"
   },
   "settingsRegistries": {
     "title": "Container Registries",
@@ -540,6 +560,43 @@
     "proxies": "Proxies",
     "recentErrors": "Recent Errors"
   },
+  "dns": {
+    "title": "DNS Records",
+    "description": "View and manage DNS records created by Docker Watcher.",
+    "wildcardActive": "Wildcard DNS Mode Active",
+    "wildcardActiveDesc": "DNS records are managed externally via wildcard DNS. Disable wildcard DNS in Settings to manage records individually.",
+    "refresh": "Refresh",
+    "syncNow": "Sync Now",
+    "syncing": "Syncing...",
+    "syncComplete": "Sync complete: {created} created, {deleted} deleted, {synced} already synced",
+    "syncFailed": "DNS sync failed",
+    "searchPlaceholder": "Search by FQDN...",
+    "allConsumers": "All consumers",
+    "managed": "Managed (instances)",
+    "standalone": "Standalone proxies",
+    "orphaned": "Orphaned",
+    "allStatuses": "All statuses",
+    "statusSynced": "Synced",
+    "statusMissing": "Missing",
+    "statusOrphaned": "Orphaned",
+    "columnFqdn": "FQDN",
+    "columnType": "Type",
+    "columnValue": "Value",
+    "columnConsumer": "Consumer",
+    "columnStatus": "Status",
+    "columnActions": "Actions",
+    "noConsumer": "No consumer",
+    "noRecords": "No DNS records found. Records will appear here when services are deployed.",
+    "noMatchingRecords": "No records match the current filters.",
+    "deleteRecord": "Delete record",
+    "recordDeleted": "DNS record {fqdn} deleted",
+    "deleteFailed": "Failed to delete DNS record",
+    "loadFailed": "Failed to load DNS records",
+    "totalRecords": "Total: {count}",
+    "syncedCount": "Synced: {count}",
+    "missingCount": "Missing: {count}",
+    "orphanedCount": "Orphaned: {count}"
+  },
   "language": {
     "en": "English",
     "ru": "Russian"