📡 UniFi DNS Sync for Site-to-Site VPNs

UniFi has Site Magic, but it's not so magic sometimes - because DNS A records aren't synchronized across sites.

To solve this, I wrote the core code for a small Python tool and used AI to help refine the structure and packaging. The result is unifi-dns-sync, a simple CLI utility for keeping DNS A records in sync across UniFi controllers.

You can install it directly from PyPI with:

pip install unifi-dns-sync

Source code is available on GitHub.

Usage

First, create a dns-records.json file with the DNS A records you want managed by your UniFi controller:

[
  { "duck.switenky.com": "10.0.10.11" },
  "horse.switenky.com",
  { "cat.switenky.com": "10.0.30.14" },
  { "dog.switenky.com": "10.0.40.15" }
]

Then run:

python -m unifi_dns_sync dns-records.json \
  --controller https://10.0.0.1 \
  --username admin \
  --password your-password \
  --target-ip 10.0.0.123

Note: any hostname without an explicit IP (like horse.switenky.com) will use the fallback specified by --target-ip.

Here’s what that looks like when you run it:

[Screenshot: command line interface demo of unifi-dns-sync syncing DNS records and displaying diff-style output]
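The record format and the add/remove behaviour described above can be checked before a sync with a small pre-flight script. This is an added example, not code from unifi-dns-sync: `load_desired`, `plan`, the one-hostname-per-object rule, the duplicate rejection and the `~` marker are assumptions of the example, and the current records are passed in as a constructed dict rather than read from a controller.

```python
import ipaddress
import json

# Constructed sample mirroring the dns-records.json format shown above.
SAMPLE = '[{"duck.switenky.com": "10.0.10.11"}, "horse.switenky.com", {"cat.switenky.com": "10.0.30.14"}]'


def load_desired(text, target_ip):
    """Normalize the mixed list into {hostname: ip}; raise ValueError on bad input."""
    fallback = str(ipaddress.IPv4Address(target_ip))  # A records hold IPv4 only
    entries = json.loads(text)
    if not isinstance(entries, list):
        raise ValueError("top level of the records file must be a JSON list")
    desired = {}
    for entry in entries:
        if isinstance(entry, str):
            host, ip = entry, fallback  # bare hostname uses the fallback IP
        elif isinstance(entry, dict) and len(entry) == 1:
            (host, ip), = entry.items()  # assumption: one hostname per object
        else:
            raise ValueError(f"unsupported entry: {entry!r}")
        host = host.strip().rstrip(".").lower()
        if not host or host in desired:
            raise ValueError(f"empty or duplicate hostname: {host!r}")
        if not isinstance(ip, str):
            raise ValueError(f"IP for {host} must be a string")
        desired[host] = str(ipaddress.IPv4Address(ip))  # ValueError if malformed
    return desired


def plan(desired, current):
    """Diff-style lines: '+' add, '-' remove, '~' change (markers are this example's own)."""
    lines = []
    for host in sorted(desired.keys() | current.keys()):
        new, old = desired.get(host), current.get(host)
        if old is None:
            lines.append(f"+ {host} -> {new}")
        elif new is None:
            lines.append(f"- {host} -> {old}")
        elif new != old:
            lines.append(f"~ {host} {old} -> {new}")
    return lines


if __name__ == "__main__":
    # Constructed stand-in for the records currently on a controller.
    current = {"duck.switenky.com": "10.0.10.11", "old.switenky.com": "10.0.9.9"}
    print("\n".join(plan(load_desired(SAMPLE, "10.0.0.123"), current)))
```

Failing the job on a `ValueError` here keeps a typo in the records file from turning into removed or misdirected A records on the controller.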

Conclusion

It’s lightweight and flexible enough to integrate into a cron job, Ansible playbook, CI/CD pipeline, or even a Kubernetes job.

It solved a real headache in my homelab and multi-site UniFi setup -- and hopefully it helps you too.

✨ Features

  • Takes in a list of records
  • Adds new records and removes unused ones
  • Provides diff-style output and supports dry-run mode via CLI arguments
  • Easy to automate (Kubernetes, Ansible, CI/CD, etc.)