A small collection of utilities to automate workflows around NetBox. Currently includes a Windows PowerShell tool to synchronize Microsoft DNS records into the NetBox DNS plugin with an interactive preview.

• PowerShell/Update-NetboxDNS.ps1 — Synchronize DNS records from a Windows DNS server into NetBox DNS (supports preview and selective apply).

• Primary zones only: Operates on zones authoritative on the local/target DNS server
• Forward and reverse zones: Supports in-addr.arpa and ip6.arpa
• Record types: A, AAAA, CNAME, PTR (skips SOA/NS)
• Smart diff: Compares with NetBox DNS and classifies as Create/Update/Skip
• GUI preview: Uses Out-GridView to interactively select which changes to push
• Optional zone creation: Can create missing zones in NetBox
• Configurable API base: Works with netbox-dns or netbox_dns plugin slugs via -ApiBasePath

• Windows PowerShell 5.1+ (with Out-GridView) or PowerShell 7 with Microsoft.PowerShell.GraphicalTools
• RSAT DNS Server tools installed (PowerShell DnsServer module available)
• NetBox with the DNS plugin by peteeckel installed and an API token with write permissions

If you use PowerShell 7, install the grid view module:

Install-Module Microsoft.PowerShell.GraphicalTools -Scope CurrentUser -Force

The NetBox DNS plugin may need relaxed validation to allow certain records (including A) with leading underscores. Example in configuration.py:

PLUGINS_CONFIG = {
  'netbox_dns': {
    'tolerate_leading_underscore_types': [
      'TXT', 'SRV', 'SVCB', 'TLSA', 'CNAME', 'DNAME', 'MX', 'A'
    ],
  }
}

Basic run (uses an environment variable for the API token):

$env:NETBOX_TOKEN = "<your-api-token>"
.\PowerShell\Update-NetboxDNS.ps1 -NetBoxUrl "https://netbox.example.com"

Pass the token explicitly (alternatively to NETBOX_TOKEN):

.\PowerShell\Update-NetboxDNS.ps1 -NetBoxUrl "https://netbox.example.com" -ApiToken "<your-api-token>"

Target a specific DNS server, allow creating missing zones, and filter zones:

.\PowerShell\Update-NetboxDNS.ps1 `
  -NetBoxUrl "https://netbox.example.com" `
  -DnsServer "dns01.example.com" `
  -CreateMissingZones `
  -ZoneInclude @("example.com","10.in-addr.arpa")

Using an alternate plugin base path (e.g., netbox_dns):

.\PowerShell\Update-NetboxDNS.ps1 -NetBoxUrl "https://netbox.example.com" -ApiBasePath "/api/plugins/netbox_dns"

When the preview grid opens, select the rows you want to sync and press OK to apply them.

• -NetBoxUrl [string]: NetBox base URL. Default: https://netbox.example.com
• -ApiBasePath [string]: DNS plugin API base path. Default: /api/plugins/netbox-dns
• -ApiToken [string]: NetBox API token. Optional if NETBOX_TOKEN is set
• -DnsServer [string]: DNS server to read from. Default: local computer name
• -IncludeSystemZones: Include system/underscore zones (_msdcs, DomainDnsZones, etc.)
• -ZoneInclude [string[]]: Only include these exact zone names
• -ZoneExclude [string[]]: Exclude these exact zone names
• -CreateMissingZones: Create zones in NetBox if they don’t exist
• -IgnoreCertErrors: Ignore SSL certificate validation (use with caution)

• Operates on primary zones only; secondary/stub zones are ignored
• Only A, AAAA, CNAME, and PTR records are synchronized
• SOA/NS records and system zones are skipped by default
• TTL changes will be applied when they differ

See LICENSE.md.