
Cloudflare and Dynamic DNS with ddclient and docker

By Antti Hurme, 27/11/2022

I’ve been using Namecheap for my domains for a long time. At home, I have a fairly good connection from a reliable Internet Service Provider. Still, my public IPv4 address will change from time to time, especially if I have a longer downtime with the server that contains my Palo Alto VM-edition firewall. The Namecheap client works pretty well, but I wanted to test out Cloudflare, and this was a good way to move a domain that isn’t in my primary use, but still contains functionality I need.

First of all, you need to move your domain to Cloudflare. Cloudflare has a free plan for people like us that allows us to use Cloudflare services on a smaller scale. This is enough for what I’m going to use it for.

Source: Cloudflare Plans and Services

Once you’ve updated your domain and pointed your DNS servers to Cloudflare using their Add a site wizard, you can move on to creating a token for the updates and setting up ddclient in a docker container. Tokens can be created from My Profile in the Cloudflare user interface. You can either use your Global API key or create a token for this specific use case. If you create a token, it needs the following permissions:

  • Zone:DNS:Read permission
  • Zone:DNS:Write permission
  • “All zones from an account” scope

To set up the docker container, I’ve used the lscr.io community container for ddclient. My configuration differs a little bit, as I’ve specified the Volumes and Networks in the docker-compose.yml. You can find the lscr.io ddclient page here.

The configuration file is at /config/ddclient.conf when you open a CLI in the container. The following is my configuration with Cloudflare to get dynamic DNS working. Make note of all commas (,) and backslashes (\), as they are the most common reason for things not working. I was missing a comma in the configuration and got the following error: “WARNING: skipping host: entry.fqdn.tld: ‘login=’ is an invalid login.”

daemon=1800                             # check every 1800 seconds (30 minutes)
syslog=yes                              # log update msgs to syslog                                                      
#mail=root                              # mail all msgs to root                     
#mail-failure=root          # mail failed update msgs to root   
pid=/var/run/ddclient/ddclient.pid      # record PID in file.                 
ssl=yes                                 # use ssl-support.  Works with             
                                                # ssl-library                                                            
use=web # get IP with website below                                                                                      
web='https://cloudflare.com/cdn-cgi/trace'                                                                               
web-skip='ip=' # IP address above is after 'ip=' 
##                                                                                                                       
## CloudFlare (www.cloudflare.com)                                                                                       
##                                                                                                                       
protocol=cloudflare,        \                                                                                            
zone=domain.fqdn,            \                                                                                            
ttl=5,                                                                                                                   
#login=cloudflare@login.details,     \ # Only needed if you are using your global API key. If you are using an API token, set it
password='YourGlobalAPIkeyOrGeneratedToken'  # This is either your global API key, or an API token. If you are us
record.domain.fqdn                             

Once everything is set and you’ve added the configuration correctly, the container log should look like the following:

[ls.io-init] done.
s6-rc: info: service 99-ci-service-check successfully started
Setting up watches.
Watches established.
WARNING:  skipping update of record.domain.fqdn from <nothing> to Ipv4-Address.
WARNING:  last updated Sat Nov 26 21:29:08 2022 but last attempt on Sat Nov 26 21:29:08 2022 failed.
WARNING:  Wait at least 5 minutes between update attempts.
SUCCESS:  updating record.domain.fqdn: IPv4 address set to Ipv4-Address
SUCCESS:  updating record.domain.fqdn: IPv4 address set to Ipv4-Address
SUCCESS:  updating record.domain.fqdn: IPv4 address set to Ipv4-Address
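
The ddclient.conf above holds the Cloudflare credential in plain text, so it is worth checking how the file is stored and which kind of credential it contains. The following audit script is an added example, not part of the original post or of ddclient; the sample configuration is constructed with placeholder values, and treating an e-mail address in login= as a sign of the Global API key is an assumption based on the comment in the configuration above.

```python
import os
import re
import stat
import tempfile

# Constructed sample modelled on the configuration above; all values are placeholders.
SAMPLE_CONF = """\
ssl=yes
protocol=cloudflare, \\
zone=domain.fqdn, \\
ttl=5, \\
login=cloudflare@login.details, \\
password='PLACEHOLDER-NOT-A-REAL-KEY' \\
record.domain.fqdn
"""

def load_settings(text):
    """Collect active key=value settings; comments and trailing backslashes are dropped."""
    settings = {}
    for line in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", line).rstrip("\\ \t")
        for key, value in re.findall(r"([\w-]+)=('[^']*'|[^,\s]+)", line):
            settings[key] = value.strip("'")
    return settings

def audit(path):
    """Return findings for a ddclient.conf that stores a Cloudflare credential."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:o}: credential readable beyond the owner")
    with open(path) as fh:
        cfg = load_settings(fh.read())
    if "@" in cfg.get("login", ""):  # assumption: an e-mail login means the Global API key
        findings.append("login is an e-mail address: Global API key, prefer a DNS-scoped token")
    if cfg.get("ssl") != "yes":
        findings.append("ssl is not 'yes'")
    return findings

def demo():
    """Audit the constructed sample, written with a deliberately loose 0644 mode."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ddclient.conf")
        with open(path, "w") as fh:
            fh.write(SAMPLE_CONF)
        os.chmod(path, 0o644)
        return audit(path)
```

Call audit() with the path to the ddclient.conf in the host directory that is mounted into the container at /config; an empty list means none of the three checks fired.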