Triggering DDNS update by DHCP scripts?

I've successfully set up DDNS using CloudFlare on my OpenWRT 25.12.4

It has the default check interval, which I think is 10 minutes.

My ISP connects me over HFC using IPoE ("normal" IP, I opted out of their CGNAT), so all I have is a DHCP client to configure my WAN interface.

Since DHCP can run a script when it detects an IP change, wouldn't it be possible to trigger the DDNS update immediately when the IP address changes?

Without it, my public DNS record could be out of date for up to 10 minutes, and I wouldn't have a way to know when I'm away from my network.

Has anyone done something like this?

See https://openwrt.org/docs/guide-user/services/ddns/client#run_manually and below.

Thank you. I'll try that.

I thought the DDNS app already has the ability to be configured with triggers for an interface.

Also, to change the check interval:

/etc/hotplug.d/iface/95-ddns is watching for ifup and ifdown only and it appears that DHCP renewals may go unnoticed.

Lower the check interval closer to the TTL then. :man_shrugging:

I'm now thinking of adding ifupdate to the list of actions in the hotplug script, I'm not sure it will help, cannot test it myself at the moment.

On my router the path to the script is /etc/hotplug.d/iface/95-ddns
and the idea is to make a change on line 36 from
ifup)
to
ifup|ifupdate)

I'm AFK at the moment, but happy to try it with your instructions when I get to it (in about 20 hours from now, evening Australia time)

I might be missing something but plain renewals don't change the interface's IP address so no need to trigger a DDNS update.

Correct.

But if the address has changed, I'd like to update my DNS record ASAP.

I made the change manually on my system. Let's see how it goes.

I though that was the intended purpose of DDNS.

Are you running a service that is sensitive to IP changes?

It does - but it will catch the address change only after the next time it's scheduled to run (once every 10 minutes).

The service I run isn't "sensitive to IP changes" - I just want to be able to reach my home network whenever and from wherever I want, without wondering whether the address changed recently without the DNS record being updated fast enough.

  • Lowering this doesn't work?
  • Or haven't had an opportunity to test?
  • Just curious (because it matters), what is the public TTL on the A (or AAAA) Record in question (600 or less)?
  • Have you been testing the change by doing an nslookup directly to the provider's DNS server?

nslookup example.com <IPorHost_of_provider_DNS>

Wow, your IP must change a lot and quite often.

To be clear, yes - I do this quite often. Generally, DDNS providers suggest the public TTL be 300 (5 minutes) anyway. So lowering your check interval closer there could help. If you need your checking or updating to be faster than 5 minutes, you may want to consider other options, aside from lowering TTL below 300 (not suggested).

If you're concerned about 10 minutes, I'm not sure 5 is satisfactory? :man_shrugging:

Until I read this thread, I honestly considered 10 minutes excellent.

Maybe I'm overthinking it, but at my job I'm responsible for making systems as close to 100% available as possible, and the thought that the information about an address change is available to the system (a process has just configured the interface with it) and not passed down the chain to where it will be useful until some reparative task that checks every X minutes discovers it annoys me.

I’d avoid editing /etc/hotplug.d/iface/95-ddns directly, because a package upgrade can overwrite it. A small separate hotplug script for just your WAN interface is safer: on ifup/ifupdate, check $INTERFACE = wan, then call the documented manual update for your DDNS service. Add a simple lock/debounce too, because hotplug events can fire more than once. That keeps the normal 10 minute check as a fallback, but gives you the immediate update path when netifd actually reports a change.

This is my /etc/udhcpc.user script (called on DHCP events, like when your WAN gets an IP assigned) which then calls another script to update DDNS:

#!/bin/sh
# shellcheck disable=SC2154
if [ "$INTERFACE" = "wan" ]; then
	ip="$J_T5_source"
	if [ "$ip" != "$(cat /tmp/ddclient_ip 2>/dev/null)" ]; then
		echo "$ip" > /tmp/ddclient_ip
		/usr/bin/logger -t 'dyndns_cf' "$INTERFACE - $interface - $ip"
		/usr/sbin/dyndns_cf "$ip"
	fi
fi
exit 0

The ip address will be passed as "$1" into the script you use (instead of /usr/bin/dyndns_cf). As long as you dyndns update script is sound, this should work well.

Wiki currently suggests creating scripts inside of /etc/udhcpc.user.d/ but mine still gets called inside of /etc/ as well.

It will get triggered (even if your IP hadn't changed) on boot, because it stores previous IP in RAM, not persistent storage, you can change that if you're not concerned about flash wear.

Interesting. At my job, I tend to have to explain to stakeholders that don't have a technical background, that when doing changes like altering a public A record - to expect at least 5-10 minutes (or 9 mim 59 secs) of downtime or inaccessibility. This is after making sure the A record's TTL is already configured for 300 seconds.

Then they want to know why that change and waiting period is necessary before the former is undertaken. I definitely understand.

Then the best option would be to have a VPS and terminate all your incoming connections there and then via a tunnel to your other side.

You could even do dynamic routing via two different Internet uplinks.... Regarding to trying to do 100 % HA with a budget on a shoestring and bubble gum.