Skip to content

joepitt91/bind9_to_panos

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
.github
.github
 
 
LICENSES
LICENSES
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
bind9_to_panos.py
bind9_to_panos.py
 
 
example.conf
example.conf
 
 
log.py
log.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Bind9 to PAN-OS

Load bind9 zone files into a PAN-OS firewall as address and address group objects.

Creates {hostname}-fqdn, {hostname}-v4, {hostname}-v6 (and {hostname}-v4_{n} / {hostname}-v6_{n} for hosts with multiple IPv4 and / or IPv6 addresses) address objects and a {hostname} address group per host in the zone file.

Parses inline comments for a tag (panos_tag=) and descriptions (panos_desc=), these can appear anywhere in the comments. Values with spaces are supported but must be quoted. Tags must already exist on the PAN-OS device.

For example:

example         IN  A   10.10.10.10 ; some comment panos_tag=trust panos_Desc="box that does things"

NOTE: Updates to IPs, panos_tag, or panos_desc will be propagated to the PAN-OS device on next run, however, renamed or deleted hosts will not be removed from PAN-OS, this must be done manually.

Requirements

  • Python 3.10 to 3.14 on Linux, macOS, or Windows,
  • PIP Module dnspython, and
  • PIP Module pan-os-python.

Setup

  1. Copy the project to the bind server, or another host with access to the zone files.
  2. Create a virtual environment: python3 -m venv venv ; source venv/bin/activate.
  3. Install the dependencies: pip3 install -r ./requirements.txt.
  4. Create a configuration file: cp example.conf bind9_to_panos.conf.
  5. Restrict access to the configuration file: chmod 600 bind9_to_panos.conf.
  6. Edit the DEFAULT section of bind9_to_panos.conf to point to your firewall.
  7. Edit the example.tld section of bind9_to_panos.conf to point to the zone file.
  8. (Optional) Add additional sections for other zone files.
  9. Run the script: python3 bind9_to_panos.py.
  10. (Optional) Add a cron job to run the script periodically:
    1. Disable printing to screen by setting log_to_screen to False in bind9_to_panos.conf.
    2. Open the crontab for the desired users: sudo crontab -u <username> -e.
      • Use a low privilege user that can read the zone files, avoid root and named.
    3. Add the cron job to the file on the desired schedule (04:00 daily in this example): 0 4 * * * /path/to/venv/bin/python3 /path/to/bind9_to_panos.py.

About

Load bind9 zone files into a PanOS firewall as address and address group objects.

Topics

python python3 bind paloaltonetworks bind9 paloalto

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

v1.0.2 Latest
Mar 8, 2026
+ 2 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Contributors

Languages