I’ve been using Namecheap for my domains for a long time. At home, I have a fairly good connection from a reliable Internet Service Provider. Still, my public IPv4 address will change from time to time, especially if I have a longer downtime with the server that contains my Palo Alto VM-edition firewall. The Namecheap client works pretty well, but I wanted to test out Cloudflare, and this was a good way to move a domain that isn’t in my primary use, but still contains functionality I need.
First of all, you need to move your domain to Cloudflare. Cloudflare has a free plan for people like us that allows us to use Cloudflare services on a smaller scale. This is enough for what I'm going to use it for.
Source: Cloudflare Plans and Services
Once you've updated your domain and pointed your DNS servers to Cloudflare using their Add a site wizard, you can move on to creating a token for updates and setting up ddclient in a Docker container. Tokens can be created from My Profile in the Cloudflare user interface. You can either use your Global API key or create a token for this specific use case. A dedicated token is the safer choice, because the Global API key carries full access to the account and ddclient stores the credential in its configuration file. If creating a token, it needs the following permissions:
- Zone:DNS:Read permission
- Zone:DNS:Write permission
- “All zones from an account” scope
To set up the docker container, I’ve used the lscr.io community container for ddclient. My configuration differs a little bit, as I’ve specified the Volumes and Networks in the docker-compose.yml. You can find the lscr.io ddclient page here.
The configuration file is at /config/ddclient.conf, which you can reach by opening a CLI session in the container. The following is my configuration with Cloudflare to get dynamic DNS working. Make note of all commas (,) and backslashes (\), as they are the most common reason for things not working. I was missing a comma in the configuration and got the following error “WARNING: skipping host: entry.fqdn.tld: ‘login=’ is an invalid login.”.
```
daemon=1800                             # check every 1800 seconds
syslog=yes                              # log update msgs to syslog
#mail=root                              # mail all msgs to root
#mail-failure=root                      # mail failed update msgs to root
pid=/var/run/ddclient/ddclient.pid      # record PID in file.
ssl=yes                                 # use ssl-support. Works with
                                        # ssl-library
use=web                                 # get IP with website below
web='https://cloudflare.com/cdn-cgi/trace'
web-skip='ip='                          # IP address above is after 'ip='

##
## CloudFlare (www.cloudflare.com)
##
protocol=cloudflare, \
zone=domain.fqdn, \
ttl=5, \
login=firstname.lastname@example.org, \ # Only needed if you are using your global API key. If you are using an API token, set it
password='YourGlobalAPIkeyOrGeneratedToken' # This is either your global API key, or an API token. If you are us
record.domain.fqdn
```
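Since a missing comma or backslash is the usual failure, here is an added example (not part of the original post, and not ddclient's own parser) of a heuristic check that can be run over the file before restarting the container. The function names `lint` and `strip_comment` and the sample values are assumptions made for illustration.

```python
import re

# Start of a key=value pair: a key at line start or after whitespace.
ASSIGN = re.compile(r"(?:^|\s)[\w-]+=")

def strip_comment(line):
    """Drop a trailing '# comment' unless the '#' is inside single quotes."""
    out, quoted = [], False
    for ch in line:
        if ch == "'":
            quoted = not quoted
        elif ch == "#" and not quoted:
            break
        out.append(ch)
    return "".join(out).strip()

def lint(text):
    """Return sorted (line_number, message) findings for ddclient.conf text."""
    findings, pending, start = [], "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        if not line:
            continue
        if not pending:
            start = no                      # first line of this stanza
        if line.endswith("\\"):             # continued on the next line
            pending += line[:-1].strip() + " "
            continue
        if line.endswith(","):
            findings.append((no, "comma without backslash: stanza ends here"))
        # Blank out quoted values so '=' or ',' inside them is not counted.
        logical, pending = re.sub(r"'[^']*'", "''", pending + line), ""
        for part in logical.split(","):
            if len(ASSIGN.findall(part)) > 1:
                findings.append((start, "missing comma in: " + part.strip()))
    if pending:
        findings.append((start, "backslash on the last line, no host follows"))
    return sorted(findings)

# Constructed samples (placeholder values, not a real zone or token).
GOOD = r"""
web-skip='ip='   # IP address above is after 'ip='
protocol=cloudflare, \
zone=domain.fqdn, \
login=firstname.lastname@example.org, \
password='PLACEHOLDER-TOKEN' \
record.domain.fqdn
"""
BAD = GOOD.replace("zone=domain.fqdn, \\", "zone=domain.fqdn \\").replace(
    "login=firstname.lastname@example.org, \\", "login=firstname.lastname@example.org,")

if __name__ == "__main__":
    for no, msg in lint(BAD):
        print(f"line {no}: {msg}")
```

The check treats an unquoted `#` as the start of a comment, so a password that contains `#` has to be single-quoted for it to be read correctly.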
Once everything is set and the configuration has been added correctly, the container log should look like the following:
```
[ls.io-init] done.
s6-rc: info: service 99-ci-service-check successfully started
Setting up watches.
Watches established.
WARNING: skipping update of record.domain.fqdn from <nothing> to Ipv4-Address.
WARNING: last updated Sat Nov 26 21:29:08 2022 but last attempt on Sat Nov 26 21:29:08 2022 failed.
WARNING: Wait at least 5 minutes between update attempts.
SUCCESS: updating record.domain.fqdn: IPv4 address set to Ipv4-Address
SUCCESS: updating record.domain.fqdn: IPv4 address set to Ipv4-Address
SUCCESS: updating record.domain.fqdn: IPv4 address set to Ipv4-Address
```