@zupolgec
Collaborator

@zupolgec zupolgec commented Jan 26, 2026

Summary

Add support for managing static DNS records on UniFi Network controllers via the v2 API (Network 8.2+).

Features

  • Supported record types: A, AAAA, CNAME, MX, TXT, SRV, NS
  • Local access: Direct connection to UniFi controller with optional TLS verification skip for self-signed certs
  • Cloud access: Remote management via UniFi Cloud Connector (api.ui.com) - requires UniFi OS 5.0.3+
  • Domain filtering: Automatically filters records by domain suffix since UniFi stores all records flat

Configuration

Local Access

{
  "unifi": {
    "TYPE": "UNIFI",
    "host": "https://192.168.1.1",
    "api_key": "your-api-key",
    "site": "default",
    "skip_tls_verify": "true"
  }
}

Cloud Access

{
  "unifi_cloud": {
    "TYPE": "UNIFI",
    "console_id": "your-console-id",
    "api_key": "cloud-api-key",
    "site": "default"
  }
}

Usage Example

var DNS_UNIFI = NewDnsProvider("unifi");

D("home.internal", REG_NONE, DnsProvider(DNS_UNIFI),
    A("server", "10.0.0.10"),
    CNAME("www", "server.home.internal."),
    MX("@", 10, "mail.home.internal."),
END);

Testing

Tested using the OLD API (/v2/api/site/{site}/static-dns) via:

  • Local access: UDM Pro (Network 10.0.162)
  • Cloud access: Remote console via api.ui.com (Network 10.1.78)

All CRUD operations verified working on both access methods.

References

@zupolgec
Collaborator Author

Hi @tlimoncelli, Unifi is launching a new API to manage DNS records in v10.1.
Should this new API be implemented in a new UNIFI_V2 provider, or we can add version detection in this new provider (since no one is using it yet) or a flag?

@tlimoncelli
Collaborator

tlimoncelli commented Jan 27, 2026

Hi @tlimoncelli, Unifi is launching a new API to manage DNS records in v10.1. Should this new API be implemented in a new UNIFI_V2 provider, or we can add version detection in this new provider (since no one is using it yet) or a flag?

Either is fine. If you want to skip v1 and only support v2, that's fine too. (edited for clarity)

@tlimoncelli tlimoncelli changed the title from "new provider: Add UniFi Network DNS provider" to "NEW PROVIDER: UniFi Network DNS provider" Jan 27, 2026

@zupolgec
Collaborator Author

Hi @tlimoncelli, Unifi is launching a new API to manage DNS records in v10.1. Should this new API be implemented in a new UNIFI_V2 provider, or we can add version detection in this new provider (since no one is using it yet) or a flag?

Either is fine. If you want to skip v1 and only support v2, that's fine too. (edited for clarity)

Right now v2 is Early Access. And v1 would support all Unifi versions back to 8.x. That could be immediately useful for more users. I'll go with a flag that defaults to "auto" for version detection, best of both.

@tlimoncelli
Collaborator

tlimoncelli commented Feb 2, 2026

Thank you for contributing this new provider, @zupolgec !

Some notes:

  1. @fm: Faisal Misle is our “liaison to maintainers”. He'll reach out to you soon. He'll be requesting your email address so that we have a more direct way to contact you.
  2. By now you should have received a GitHub invite to have the "triage" role for this repo. Please accept the invite so we can assign bugs to you.
  3. I reviewed the checklist at the end of https://docs.dnscontrol.org/developer-info/writing-providers and some things are missing: Please update the OWNERS, README.md, and create a documentation page.
  4. When done, please (1) run bin/generate.sh, (2) rebase, (3) post the output of the integration tests as a comment to this PR.

My home internet router doesn't have an API. Maybe I should check out UniFi!

Thanks again!
Tom

Collaborator

@tlimoncelli tlimoncelli left a comment

See previous comment

Add support for managing static DNS records on UniFi Network controllers
via the v2 API (Network 8.2+). Supports both local access and remote
cloud access via api.ui.com.

Features:
- Supported record types: A, AAAA, CNAME, MX, TXT, SRV, NS
- Local access with optional TLS verification skip for self-signed certs
- Cloud access via UniFi Cloud Connector (requires UniFi OS 5.0.3+)
- Automatic record filtering by domain suffix

Configuration options:
- host: Local controller URL (e.g., https://192.168.1.1)
- console_id: Cloud console ID for remote access
- api_key: UniFi API key
- site: Site name (defaults to 'default')
- skip_tls_verify: Skip TLS verification for self-signed certs

Support both UniFi Network APIs:
- Legacy API (v2/api/site/{site}/static-dns) for Network 8.2+
- New API (integration/v1/sites/{siteId}/dns/policies) for Network 10.1+

The new 'api_version' config parameter accepts:
- 'auto' (default): probes both APIs, prefers new, falls back to legacy
- 'new': forces new API only
- 'legacy': forces legacy API only

The new API supports native PUT for updates (no delete+create needed).

- Add UNIFI profile to profiles.json with known failures (26, 43)
- Improve AuditRecords to properly return nil when no errors
- Add audit rules for: TXT > 255 chars, null MX, null SRV target
- Remove NS from supported types (requires IP, not hostname)
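
The domain filtering named in the PR summary and commit message (records are stored flat and selected by domain suffix), as an added Go example that is not code from this PR; the record shape and function names are hypothetical. It goes one step beyond the PR text by anchoring the match on a label boundary and assigning each name to the longest managed zone, so `evilhome.internal` and a separately managed `lab.home.internal` are not swept into `home.internal`.

```go
package main

import (
	"fmt"
	"strings"
)

type rec struct{ Key, Type, Value string } // hypothetical flat-list entry; Key is the FQDN

// canon lowercases a name and drops a trailing dot so comparisons are stable.
func canon(s string) string { return strings.ToLower(strings.TrimSuffix(s, ".")) }

// inZone is true for the zone apex or a name below it. A bare HasSuffix(fqdn, zone)
// would also accept "evilhome.internal" for "home.internal": anchor on a label boundary.
func inZone(fqdn, zone string) bool {
	f, z := canon(fqdn), canon(zone)
	return z != "" && (f == z || strings.HasSuffix(f, "."+z))
}

// ownerZone picks the longest managed zone containing fqdn ("" if none).
func ownerZone(fqdn string, zones []string) string {
	best := ""
	for _, z := range zones {
		if inZone(fqdn, z) && len(canon(z)) > len(best) {
			best = canon(z)
		}
	}
	return best
}

// filterZone keeps only the records that zone owns among all managed zones.
func filterZone(all []rec, zone string, zones []string) []rec {
	var out []rec
	for _, r := range all {
		if inZone(r.Key, zone) && ownerZone(r.Key, zones) == canon(zone) {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	// Constructed sample data, not output from a real controller.
	flat := []rec{
		{"server.home.internal", "A", "10.0.0.10"}, {"Home.Internal.", "A", "10.0.0.1"},
		{"evilhome.internal", "A", "10.0.0.66"}, {"nas.lab.home.internal", "A", "10.0.1.5"},
	}
	fmt.Println(filterZone(flat, "home.internal", []string{"home.internal", "lab.home.internal"}))
}
```
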

@zupolgec
Collaborator Author

zupolgec commented Feb 2, 2026

  1. I reviewed the checklist at the end of https://docs.dnscontrol.org/developer-info/writing-providers and some things are missing: Please update the OWNERS, README.md, and create a documentation page.
  2. When done, please (1) run bin/generate.sh, (2) rebase, (3) post the output of the integration tests as a comment to this PR.

Docs added. This is the result of the integration tests:

Testing Profile="UNIFI" (TYPE="UNIFI")
--- PASS: 250 tests
--- SKIP: 157 tests (unsupported record types, provider-specific features)
--- FAIL: 2 tests (known API limitations)

Known failures (knownFailures: "26,43"):
- Test 26: TXT with interior double-quotes - UniFi API rejects "Incorrectly quoted value"
- Test 43: SRV custom TTL - UniFi doesn't preserve TTL for SRV records (always returns 300)

My home internet router doesn't have an API. Maybe I should check out UniFi!

I love Ubiquiti and their products, huge fan. I like to think of them as the Apple of networking equipment (the old Apple at least).
I also like Mikrotik devices, really hackable and configurable. Probably it will be my next provider proposal 😀
