The DNS handler requests a zone transfer (AXFR) from a DNS server. The A and AAAA records are retrieved and used to build an import requisition. This is useful for organizations that use DNS, possibly coupled with an IP management tool, as the database of record for nodes in the network. Rather than ping sweeping the network or entering the nodes manually into the Horizon Requisition UI, you can manage nodes via one or more DNS servers.
The format of the URL for this protocol handler is:
Prior to Horizon 30, you set external requisitions in the
This file is no longer available.
You must use the UI or the config management REST API to configure an external requisition.
To configure a DNS requisition, follow the steps in Create an external requisition, but specify DNS as the type, and set the host, DNS zone, requisition name, schedule, and rescan behavior.
This URL imports all A and AAAA records from the zone
myzone.com on the host
my-dns-server via port 53 (default DNS port).
Since the foreign source is not specified, it will be added to the default requisition.
This URL imports all nodes from the same server and zone, but only imports the nodes in the zone that match the regular expression
The matching nodes will be assigned to a requisition named 'portland'.
If your expression requires URL encoding, for example you need to use a
? in the expression, you must encode it properly.
You can use the
location parameter to assign a single location to all nodes in this requisition.
This would apply only if you use Minions in your network.
By prefixing with a
~, you can specify a URL-encoded regular expression to determine the location based on the host entries.
The following example derives the location based on the subdomain.
This example uses a URL-encoded regular expression
^(?:.\.|)(.?)\.hs-fulda\.de\.$ with exactly one capturing group containing the subdomain.
This will associate nodes for the host entries
bar.e46.hs-fulda.de. to the location
e46 while hosts like
bbb.g51.hs-fulda.de will be assigned location
|You can use online tools like https://www.urlencoder.org to encode your parameters.|
The DNS import handler performs an AXFR zone transfer request to collect DNS resource records for use in provisioning nodes. Zone transfers are designed for zone replication between DNS servers. You may want to provide additional security mechanisms to protect your DNS infrastructure. At a minimum, you should always restrict AXFR requests to only trusted IP addresses and/or use a hidden, read-only secondary DNS server for Horizon.
You may want to set up a secondary DNS server on your Horizon and configure the rest of the DNS servers to allow transfers to your Horizon server.
This allows you to point the DNS import handler to
|There is no encryption or authentication available for AXFR transfer requests. Transaction signatures (TSIG) to prevent IP spoofing attempts are currently not supported by Horizon.|
A quick way to test if zone transfers are working is:
dig -t AXFR @<dnsServer> <zone>