The dnssync script allows DNS zones hosted at various DNS providers
to be synchronized with local bind-style text zone files. This allows
the DNS zones to be easily version-controlled, even if the service
provider does not directly support that.
Currently supported DNS service providers:
DomainMonster <http://domainmonster.com/>_ (via HTML scraping)PowerDNS <http://powerdns.net/>_ZoneEdit <http://zoneedit.com/>_ (via HTML scraping)Register.LY <http://register.ly/>_ (via HTML scraping).. code:: bash
$ pip install dnssync
To download a zone from PowerDNS:
.. code:: bash
$ dnssync download --driver powerdns --param apikey={KEY} --domain {DOMAIN} {ZONEFILE}
These command line options can also be stored in a configuration file,
e.g. config.ini:
.. code:: ini
driver = powerdns apikey = {KEY} domain = {DOMAIN} zonefile = {ZONEFILE}
And then invoke dnssync as follows:
.. code:: bash
$ dnssync download --config config.ini
To upload a zone:
.. code:: bash
$ dnssync upload --config config.ini
And to show differences between the hosted zone and the local zonefile:
.. code:: bash
$ dnssync diff --config config.ini
And to test that a DNS server is serving the zone as specified:
.. code:: bash
$ dnssync verify --config config.ini
Note that the verify command has some limitations in how accurate
it can be. For example, record-level TTL's cannot be extracted from
DNS (only remaining time, not total time, to expiry).
The dnssync configuration file can specify the following options:
driver:
The driver for the specific DNS hosting service; currently supported values:
domainmonster: for DomainMonster.compowerdns: for PowerDNS.netzoneedit: for ZoneEdit.comdomain:
The name of the zone to be operated on.
zonefile:
The filename of the local zone file. If specified in the configuration, it is taken to be relative to the configuration file. If specified on the command line, it is taken to be relative to the current working directory.
The following options exist for the domainmonster driver:
username:
The username of the account to log into DomainMonster with.
password:
The password of the specified username account.
.. IMPORTANT::
The domainmonster driver uses HTML-scraping to operate on the
hosted zone. This means that it, unfortunately, is quite brittle and
may break if DomainMonster changes its HTML structure. If this
appears to be happening, please report it to
https://github.com/metagriffin/dnssync/issues and I'll fix it ASAP.
The following options exist for the powerdns driver:
apikey:
The API access key provided by PowerDNS. Note that an account must first be enabled (via the PowerDNS website) before it can be used.
.. IMPORTANT::
The PowerDNS service has, as of 2016/09/29, been end-of-lifed. That means that you need to already have an account and service purchased to be able to use this driver.
The following options exist for the zoneedit driver:
username:
The username of the account to log into ZoneEdit with.
password:
The password of the specified username account.
.. IMPORTANT::
The zoneedit driver uses HTML-scraping to operate on the hosted
zone (despite what ZoneEdit advertises, they do NOT have an API to
manage their DNS zones). This means that it, unfortunately, is quite
brittle and may break if ZoneEdit changes its HTML structure. If
this appears to be happening, please report it to
https://github.com/metagriffin/dnssync/issues and I'll fix it ASAP.
Several different profiles can be stored in the same configuration; each profile should have a section named after the domain. Global parameters can be stored in the "DEFAULT" section. For example:
.. code:: ini
[DEFAULT]
driver = powerdns apikey = 2f16eef6-5b1f-4d80-96f7-0237da03db48
domain = example.com
[example.com] zonefile = example-com.zone
[other-example.com] zonefile = other-example-com.zone
Then, to upload the zones:
.. code:: bash
$ dnssync upload -c config.ini
$ dnssync upload -c config.ini -d other-example.com
The zonefile can also specify the configuration file via emacs-style
local variables. The configuration file specified on the command line,
however, takes precedence. For example, given the following
example-com.zone zonefile:
.. code:: text
;; -- coding: utf-8; dnssync-config: config.ini --
$ORIGIN example.com. example.com. 3600 IN SOA ... ... more DNS records ...
The following command will pull all options from the config.ini
file:
.. code:: bash
$ dnssync diff example-com.zone
$ dnssync upload example-com.zone
FAQs
Command line client to synchronize DNS hosted zones with local zone files
We found that dnssync demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.
Security News
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.
Security News
Deno 2.4 brings back bundling, improves dependency updates and telemetry, and makes the runtime more practical for real-world JavaScript projects.