NEW PROVIDER: UniFi Network DNS provider

[zupolgec]

Summary

Add support for managing static DNS records on UniFi Network controllers via the v2 API (Network 8.2+).

Features

• Supported record types: A, AAAA, CNAME, MX, TXT, SRV, NS
• Local access: Direct connection to UniFi controller with optional TLS verification skip for self-signed certs
• Cloud access: Remote management via UniFi Cloud Connector (api.ui.com) - requires UniFi OS 5.0.3+
• Domain filtering: Automatically filters records by domain suffix since UniFi stores all records flat

Configuration

Local Access

{
  "unifi": {
    "TYPE": "UNIFI",
    "host": "https://192.168.1.1",
    "api_key": "your-api-key",
    "site": "default",
    "skip_tls_verify": "true"
  }
}

Cloud Access

{
  "unifi_cloud": {
    "TYPE": "UNIFI",
    "console_id": "your-console-id",
    "api_key": "cloud-api-key",
    "site": "default"
  }
}

Usage Example

var DNS_UNIFI = NewDnsProvider("unifi");

D("home.internal", REG_NONE, DnsProvider(DNS_UNIFI),
    A("server", "10.0.0.10"),
    CNAME("www", "server.home.internal."),
    MX("@", 10, "mail.home.internal."),
END);

Testing

Tested using the OLD API (/v2/api/site/{site}/static-dns) via:

• Local access: UDM Pro (Network 10.0.162)
• Cloud access: Remote console via api.ui.com (Network 10.1.78)

All CRUD operations verified working on both access methods.

References

• external-dns-unifi-webhook - API reference
• UniFi Network API docs

[zupolgec]

Hi @tlimoncelli, Unifi is launching a new API to manage DNS records in v10.1.
Should this new API be implemented in a new UNIFI_V2 provider, or we can add version detection in this new provider (since no one is using it yet) or a flag?

[tlimoncelli]

Hi @tlimoncelli, Unifi is launching a new API to manage DNS records in v10.1. Should this new API be implemented in a new UNIFI_V2 provider, or we can add version detection in this new provider (since no one is using it yet) or a flag?

Either is fine. If you want to skip v1 and only support v2, that's fine too. (edited for clarity)

[zupolgec]

Hi @tlimoncelli, Unifi is launching a new API to manage DNS records in v10.1. Should this new API be implemented in a new UNIFI_V2 provider, or we can add version detection in this new provider (since no one is using it yet) or a flag?

Either is fine. If you want to skip v1 and only support v2, that's fine too. (edited for clarity)

Right now v2 is Early Access. And v1 would support all Unifi versions back to 8.x. That could be immediately useful for more users. I'll go with a flag that defaults to "auto" for version detection, best of both.

[tlimoncelli]

Thank you for contributing this new provider, @zupolgec !

Some notes:

1. @fm: Faisal Misle is our “liaison to maintainers”. He'll reach out to you soon. He'll be requesting your email address so that we have a more direct way to contact you.
2. By now you should have recieved a Github invite to have the "triage" role for this repo. Please accept the invite so we can assign bugs to you.
3. I reviewed the checklist at the end of https://docs.dnscontrol.org/developer-info/writing-providers and some things are missing: Please update the OWNERS, README.md, and create a documentation page.
4. When done, please (1) run bin/generate.sh, (2) rebase, (3) post the output of the integration tests as a comment to this PR.

My home internet router doesn't have an API. Maybe I should check out UniFi!

Thanks again!
Tom

[tlimoncelli]

See previous comment

[zupolgec]

3. I reviewed the checklist at the end of https://docs.dnscontrol.org/developer-info/writing-providers and some things are missing: Please update the OWNERS, README.md, and create a documentation page.
4. When done, please (1) run bin/generate.sh, (2) rebase, (3) post the output of the integration tests as a comment to this PR.

Docs added. This is the result of the integration tests:

Testing Profile="UNIFI" (TYPE="UNIFI")
--- PASS: 250 tests
--- SKIP: 157 tests (unsupported record types, provider-specific features)
--- FAIL: 2 tests (known API limitations)

Known failures (knownFailures: "26,43"):
- Test 26: TXT with interior double-quotes - UniFi API rejects "Incorrectly quoted value"
- Test 43: SRV custom TTL - UniFi doesn't preserve TTL for SRV records (always returns 300)

My home internet router doesn't have an API. Maybe I should check out UniFi!

I love Ubiquiti and their products, huge fan. I like to think of them as the Apple of networking equipment (the old Apple at least).
I also like Mikrotik devices, really hackable and configurable. Probably it will be my next provider proposal 😀

[tlimoncelli]

Hello friend!

Please rebase (there are merge conflicts, sorry!). If you can do this in the today or tomorrow, I'll include this in the next release.

[fm]

Hi @zupolgec,

Apologies for the delay, I thought I had already posted here. As Tom mentioned I am the Maintainer Liaison. Would you be able to send your contact email to us? You can reach me at dnscontrol at faisal dot fm and Tom at tlimoncelli at stack over flow dot com

Your email will not be public and will only be used the the project team to send out maintainer communications.

As a maintainer, we’d like to remind you of your role and expectations we have so that everyone has a positive experience using dnscontrol:

• Maintainers are expected to support their provider. If a maintainer is no longer able to maintain a provider, they should suggest a replacement or if no replacement is available, the maintainer shall let the maintainer liaison know so they can put out a call for volunteers.
• Maintainers must be responsible to bug reports and PRs for their provider.
• Maintainers should set up test accounts and periodically verify that all tests pass (pkg/js/parse_tests and integrationTest), especially when new features are added or changed in the core product.
• Contributors are encouraged to add new tests and refine old ones. (Test-driven development is encouraged.)

Thank you!!

[zupolgec]

Hey @tlimoncelli, saw your rebase, thanks!

I fixed a couple things on my end — removed some unused functions and fixed godot lint warnings in the unifi provider. Just pushed that.

There are two issues left from the merge that I think are on your side:

1. providers/desec/desecProvider.go:54 — missing colon on the CanUseOPENPGPKEY line (looks like it got dropped during the merge):

   // broken:
   providers.CanUseOPENPGPKEY        providers.Can(),
   // should be:
   providers.CanUseOPENPGPKEY:       providers.Can(),

2. providers/unifi/types.go — go fix wants to replace omitempty with omitzero on a few struct tags (Go 1.25+ thing, showed up after the merge). Not sure if that's something you want to handle globally or if I should just commit it.

Let me know!

[tlimoncelli]

Hello @zupolgec !

Thanks for pointing those out. The first one is now fixed in main. The second issue... feel free to commit it in your PR.

[zupolgec]

All green now 😀

[tlimoncelli]

Please update the regex on line 41 of .goreleaser.yml

Please review Step 15 of https://docs.dnscontrol.org/developer-info/writing-providers for a checklist of files that should be modified.

[tlimoncelli]

parameter "domain" is not used. Please remove.

[tlimoncelli]

parameter "domain" is never used. Please remove.

[zupolgec]

🥳 thanks @tlimoncelli