Dynamic DNS to Cloudflare configuration
As this topic has a good SEO, a bunch of people may find this thread via their preferred search engine. For those people, please find hereby the solution I used to get DynDNS working with Cloudflare using an API token.
- As this feature is not part of the standard OpenWRT installation, we need to install it manually:
    opkg update
    opkg install ddns-scripts-cloudflare luci-app-ddns
  All the dependencies (ddns-scripts and curl) will be brought along, you don't need to install them manually.
- You may need to refresh and reconnect to the web UI in order to see the new Services tab in the upper bar menu.
- Go to Services > Dynamic DNS
- In the Services section below, click on the Edit button corresponding to the myddns_ipv4 entry.
- Select the Basic Settings.
- In the Lookup Hostname field, specify your domain like my-subdomain.example.org
- In the DDNS Service Provider, set the drop down menu to cloudflare.com-v4
- Next to Really switch service?, click on the Switch service button
- In the Domain section, specify my-subdomain@example.org. The latter indeed needs an at symbol. (src., src.)
  WARNING: That DNS subdomain record needs to exist in Cloudflare, otherwise OpenWRT won't be able to edit it since it doesn't exist. As value you can put a dummy IP address like 127.0.0.1 for IPv4 and fe80:: for IPv6.
- Go to Cloudflare, in the API Tokens section (https://dash.cloudflare.com/profile/api-tokens) and click on the button Create Token.
- In the API token templates section, click Use template next to the list item Edit zone DNS.
- Click on the pencil icon next to the title Token name: Edit zone DNS and specify my-subdomain dyndns
- Leave the permissions as Zone > DNS > Edit
- In the Zone resources, set the zone to your domain (e.g. example.org)
- Scroll down in the page and click the button Continue to summary.
- Click on the button Create Token
- Your token is then proposed to you with a command line in order to test it.
- Back on your OpenWRT based device, in the Username section, specify Bearer
- As Password, specify the token you have generated from the previous step at Cloudflare.
- Check the checkbox Use HTTP Secure
- In the Path to CA-Certificate, specify /etc/ssl/certs.
- Click on the Save button.
- Click on Save & Apply
- Click on the Reload button next to the concerned DynDNS service you just edited.
- If an error occurs, you can debug it from the interface by clicking again the Edit button, going to the Log File Viewer tab and clicking Read / Reread log file.
- Redo the exact same configuration for IPv6, the only change you need to apply is the interface where the IPv6 must be grabbed from. Otherwise you will get this error message from the logs:
    144320 ERROR : Can not detect local IP using network_get_ipaddr6 'wan' - Error: '1' - TERMINATE
  For this:
  - Click on Edit
  - Select the Advanced Settings tab
  - As Network, select the item wan6 in the drop down menu
  WARNING: In order for this step to pass, we had to wait for the DNS cache to expire. Indeed, OpenWRT is using the command nslookup and the latter was not finding the DNS AAAA record of my-subdomain.example.org. The command OpenWRT uses:
    nslookup -q=AAAA my-subdomain.example.org
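A pre-flight check for the form values described in the post, as an added example that is not part of the original post or of the ddns-scripts package. The function names and messages are hypothetical, and it assumes the Domain field is read as host@zone, so that a value without an at symbol is taken whole as the zone.

```shell
#!/bin/sh
# Added example: sanity-check the values typed into the LuCI DDNS form
# before saving. Function names are hypothetical (not from ddns-scripts).
# Assumption: Domain is interpreted as host@zone; without '@' the whole
# string is treated as the zone, which is why the post insists on it.

# split_domain VALUE  ->  prints "<record fqdn> <zone>"
split_domain() {
    case "$1" in
        *@*) host=${1%%@*}; zone=${1#*@} ;;
        *)   host="";       zone=$1 ;;
    esac
    if [ -n "$host" ]; then fqdn="$host.$zone"; else fqdn=$zone; fi
    printf '%s %s\n' "$fqdn" "$zone"
}

# check_ddns LOOKUP_HOST DOMAIN USERNAME USE_HTTPS
# Prints one line per problem and returns the number of problems found.
check_ddns() {
    lookup=$1; domain=$2; user=$3; https=$4; problems=0
    parts=$(split_domain "$domain")
    fqdn=${parts% *}; zone=${parts#* }

    case "$domain" in
        *@*) ;;
        *) echo "Domain '$domain' has no '@': zone would be '$zone'"
           problems=$((problems + 1)) ;;
    esac
    if [ "$lookup" != "$fqdn" ]; then
        echo "Lookup Hostname '$lookup' does not match record '$fqdn'"
        problems=$((problems + 1))
    fi
    if [ "$user" != "Bearer" ]; then
        echo "Username is '$user', expected Bearer for an API token"
        problems=$((problems + 1))
    fi
    if [ "$https" != "1" ]; then
        echo "Use HTTP Secure is not checked"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample values: the Domain field is missing its '@'.
check_ddns my-subdomain.example.org my-subdomain.example.org Bearer 1 \
    || echo "problems found: $?"
```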