[Solved] Cloudflare dyndns

Dynamic DNS to Cloudflare configuration

As this topic has good SEO, a bunch of people may find this thread via their preferred search engine. For those people, here is the solution I used to get DynDNS working with Cloudflare using an API token.

  • As this feature is not part of the standard OpenWRT installation, we need to install it manually:

    opkg update
    opkg install ddns-scripts-cloudflare luci-app-ddns
    

    All the dependencies (ddns-scripts and curl) will be brought along, you don't need to install them manually.

  • You may need to refresh and reconnect to the web UI in order to see the new Services tab in the upper bar menu.

  • Go to Services > Dynamic DNS

  • In the Services section below, click on the Edit button corresponding to the myddns_ipv4 entry.

  • Select the Basic Settings.

  • In the Lookup Hostname field, specify your domain, like my-subdomain.example.org

  • In the DDNS Service Provider, set the drop down menu to cloudflare.com-v4

  • Next to Really switch service?, click on the Switch service button

  • In the Domain section, specify my-subdomain@example.org. The latter indeed needs an at symbol. (src., src.)

    WARNING: That DNS subdomain record needs to exist in Cloudflare, otherwise OpenWRT won't be able to edit it since it doesn't exist. As value you can put a dummy IP address like 127.0.0.1 for IPv4 and fe80:: for IPv6.

  • Go to Cloudflare, in the API Tokens section (https://dash.cloudflare.com/profile/api-tokens) and click on the button Create Token.

  • In the API token templates section, click Use template next to the list item Edit zone DNS.

  • Click on the pencil icon next to the title Token name: Edit zone DNS and specify my-subdomain dyndns

  • Leave the permissions as Zone > DNS > Edit

  • In the Zone resources, set the zone to your domain (e.g. example.org)

  • Scroll down in the page and click the button Continue to summary.

  • Click on the button Create Token

  • Your token is then proposed to you with a command line in order to test it.

  • Back on your OpenWRT based device, in the Username section, specify Bearer:

  • As Password, specify the token you have generated from the previous step at Cloudflare.

  • Check the checkbox Use HTTP Secure

  • In the Path to CA-Certificate, specify /etc/ssl/certs.

  • Click on the Save button.

  • Click on Save & Apply

  • Click on the Reload button next to the concerned DynDNS service you just edited.

  • If an error occurs, you can debug it from the interface clicking again the Edit button and going to the Log File Viewer tab and clicking the Read / Reread log file:

  • Redo the exact same configuration for IPv6; the only change you need to apply is the interface where the IPv6 must be grabbed from. Otherwise you will get this error message in the logs:

    144320 ERROR : Can not detect local IP using network_get_ipaddr6 'wan' - Error: '1' - TERMINATE
    

    For this, click on Edit

    Select the Advanced Settings tab

    As Network, select the item wan6 in the drop down menu

    WARNING: In order for this step to pass, we had to wait for the DNS cache to expire. Indeed, OpenWRT is using the command nslookup and the latter was not finding the DNS AAAA record of my-subdomain.example.org. The command OpenWRT uses:

    nslookup -q=AAAA my-subdomain.example.org
    
2 Likes
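
A quick way to check the result of the steps above from the router's shell, as an added example that is not part of the original post: the function audits `uci show ddns`-style text for the settings the guide depends on (HTTPS with a CA path, `Bearer` as username, the `host@zone` domain form, and `wan6` for the IPv6 entry). The UCI option names (`use_https`, `cacert`, `username`, `domain`, `use_ipv6`, `ip_network`) are assumed to be the ones behind the LuCI fields, and the section name `myddns_ipv6`, the sample configuration and the token value are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit `uci show ddns` text for the settings used in this guide.
# get_opt SECTION OPTION: read `uci show ddns` text on stdin, print the value.
get_opt() { sed -n "s/^ddns\.$1\.$2='\(.*\)'\$/\1/p"; }

# audit_section SECTION CONFIG_TEXT: print one line per finding, return the count.
audit_section() {
    sec=$1; cfg=$2; n=0
    opt() { printf '%s\n' "$cfg" | get_opt "$sec" "$1"; }
    fail() { echo "$sec: $1"; n=$((n + 1)); }
    [ "$(opt use_https)" = 1 ] || fail "use_https is not 1: the API token would travel over plain HTTP"
    # Assumption: ddns-scripts treats cacert 'IGNORE' as "skip certificate checks".
    case "$(opt cacert)" in ''|IGNORE) fail "cacert unset or IGNORE: set /etc/ssl/certs" ;; esac
    [ "$(opt username)" = Bearer ] || fail "username must be Bearer when the password is an API token"
    case "$(opt domain)" in *?@?*) ;; *) fail "domain must be written host@zone" ;; esac
    if [ "$(opt use_ipv6)" = 1 ]; then
        case "$(opt ip_network)" in wan) fail "IPv6 entry reads its address from wan, expected wan6" ;; esac
    fi
    return "$n"
}

# Constructed sample (not a real configuration); the password is a placeholder.
SAMPLE="ddns.myddns_ipv4.service_name='cloudflare.com-v4'
ddns.myddns_ipv4.lookup_host='my-subdomain.example.org'
ddns.myddns_ipv4.domain='my-subdomain@example.org'
ddns.myddns_ipv4.username='Bearer'
ddns.myddns_ipv4.password='CF_API_TOKEN_PLACEHOLDER'
ddns.myddns_ipv4.use_https='1'
ddns.myddns_ipv4.cacert='/etc/ssl/certs'
ddns.myddns_ipv6.service_name='cloudflare.com-v4'
ddns.myddns_ipv6.lookup_host='my-subdomain.example.org'
ddns.myddns_ipv6.domain='my-subdomain@example.org'
ddns.myddns_ipv6.username='Bearer'
ddns.myddns_ipv6.password='CF_API_TOKEN_PLACEHOLDER'
ddns.myddns_ipv6.use_https='0'
ddns.myddns_ipv6.cacert='/etc/ssl/certs'
ddns.myddns_ipv6.use_ipv6='1'
ddns.myddns_ipv6.ip_network='wan'"

for s in myddns_ipv4 myddns_ipv6; do
    audit_section "$s" "$SAMPLE" && echo "$s: ok" || echo "$s: $? finding(s)"
done
```

On a device, pass the live configuration instead of the sample: `audit_section myddns_ipv4 "$(uci show ddns)"`.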