[Solved] Cloudflare dyndns

Can someone provide a step by step guide,
how to use cloudflare dyndns with a custom api token please?
I always get:

 005036  WARN : CloudFlare reported an error:
 005036       : {"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}
 005036 ERROR : IP update not accepted by DDNS Provider

I created an API token with following acces rights:
Zone.Zone: Read
Zone.DNS: Write
Zoneressource: Include -> Specific Zone -> "domain.com"


this error just started appearing for me too. Either they changed something or it's an API issue.

The DynDNS Scripts from OpenWRT only support the authentication method with the global api key.

But since a have few days there is a different error now:
Could not detect 'record id' for host.domain.tld: domain.name
seems to be fixed upstream

1 Like

I am having this error too. Has there been a fix? I'm already using the global API key.

Version: 2.7.8-2.15

Which one?
Could not detect 'record id' for host.domain.tld: domain.name ?
This should be fixed.
// edit
Somehow i mixed the dyndns problems with the acme ones...

See here:

This is the script I use. I stole it from some github repo days ago but it should still work.

curl -k -X PUT "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records/${RECORD_ID}" \
         -H "X-Auth-Email: ${EMAIL}" \
         -H "X-Auth-Key: ${KEY}" \
         -H "Content-Type: application/json" \
         --data '{"type":"A","name":"www","content":"'${IP}'","ttl":1,"proxied":false}'

Hopefully this helps :slight_smile:

EDIT: if still unsure, maybe you'll want to take a loot at Cloudflare's official API documentation

Still seeing this in 21.02-rc1, any fix or workaround?

Version: 2.8.2-7

{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}

I used this guide:

Note: If you want to update a subdomain you have to write it like subdomain@domain.tld in the "domain" field

I use ddns-scripts-cloudflare that requires to have Global API key. But I wish I could use a custom key with limited permission. I have Zone=Read + Write, DNS=Read+Write access but still, it doesn't work.

Dynamic DNS to Cloudflare configuration

As this topic has a good SEO, a bunch of people may find this thread via their preferred search engine. For those people, please find hereby the solution I used to get DynDNS working Cloudflare using an API token.

  • As this feature is not part of the standard OpenWRT installation, we need to install it manually:

    opkg update
    opkg install ddns-scripts-cloudflare luci-app-ddns

    All the dependencies (ddns-scripts and curl) will be brought along, you don't need to install them manually.

  • You may need to refresh and reconnect to the web UI in order to see the new Services tab in the upper bar menu.

  • Go to Services > Dynamic DNS

  • In the Services section below, click on the Edit button corresponding to the myddns_ipv4 entry.

  • Select the Basic Settings.

  • In the Lookup Hostname field, specify your domaine like my-subdomain.example.org

  • In the DDNS Service Provider, set the drop down menu to cloudflare.com-v4

  • Next to Really switch service?, click on the Switch service button

  • In the Domain section, specify my-subdomain@example.org. The latter indeeds need a at symbol. (src., src.)

    WARNING: That DNS subdomain record needs to exist into Cloudflare otherwise OpenWRT won't be able to edit it since it doesn't exist. As value you can put a dummy IP address like for IPv4 and fe80:: for IPv6.

  • Go to Cloudflare, in the API Tokens section (https://dash.cloudflare.com/profile/api-tokens) and click on the button Create Token.

  • In the API token templates section, click Use template next to the list item Edit zone DNS.

  • Click on the pencil icon next to the title Token name: Edit zone DNS and specify my-subdomain dyndns

  • Leave the permissions as Zone > DNS > Edit

  • In the Zone resources, set the zone to your domain (e.g. example.org)

  • Scroll down in the page and click the button Continue to summary.

  • Click on the button Create Token

  • Your token is then proposed to you with a command line in order to test it.

  • Back on your OpenWRT based device, in the Username section, specify Bearer:

  • As Password, specify the token you have generated from the previous step at Cloudflare.

  • Check the checbox Use HTTP Secure

  • In the Path to CA-Certificate, specify /etc/ssl/certs.

  • Click on the Save button.

  • Click on Save & Apply

  • Click on the Reload button next to the concerned DynDNS service you just edited.

  • If an error occurs, you can debug it from the interface clicking again the Edit button and going to the Log File Viewer tab and clicking the Read / Reread log file:

  • Redo the exact same configuration for IPv6, the only change you need to apply is the interface where the IPv6 must me grabbed from. Otherwise you will get this error messages from the logs:

    144320 ERROR : Can not detect local IP using network_get_ipaddr6 'wan' - Error: '1' - TERMINATE

    For this, click on Edit

    Select the Advanced Settings tab

    As Network, select the item wan6 in the drop down menu

    WARNING: In order for this step to pass, we had to wait for the DNS cache to expire. Indeed, OpenWRT is using the command nslookup and the later was not finding the DNS AAAA record of my-subdomain.example.org. The command OpenWRT uses:

    nslookup -q=AAAA my-subdomain.example.org

@shm0 If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

Yeah, this was fixed a while back.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.