
Cloudflare-sync – Tool for using Cloudflare as a dynamic DNS provider - mxplusb
https://github.com/mxplusb/cloudflare-sync
======
kissgyorgy
This is not very efficient:

\- It updates the records every 30 seconds even if it doesn't have to.

\- It has to be run as a daemon, eating memory and CPU time constantly.

\- only checks one IP service (ipify)

I have a more advanced version, which:

\- you can run as a cron job

\- only updates the records if the IP address actually changed.

\- checks multiple IP services (so in case multiple of them going down, it
will still work)

\- have a better command line interface

[https://github.com/kissgyorgy/cloudflare-
dyndns](https://github.com/kissgyorgy/cloudflare-dyndns)

~~~
judge2020
It would also probably be good to use Cloudflare's own ip lookup service,
available on every CF website's "/cdn-cgi/trace" page. The only thing is that
you need to find a ipv4-only CF website to get the v4 instead of v6.

~~~
miyuru
Accessing the cloudflare IP address directly works.

For example [http://1.1.1.1/cdn-cgi/trace](http://1.1.1.1/cdn-cgi/trace)

~~~
elithrar
IIRC that's never been a public API; more of an artifact for
troubleshooting/support. Relying on it / parsing it directly was never
recommended when I was there.

------
nikisweeting
I wrote a similar script that supports any type of record update, not just A,
7 different public IP providers over multiple methods, config via file / env
variables / cli arguments, and both DigitalOcean + CloudFlare individually or
simultaneously. I use it across my entire fleet of servers, even servers with
static public IPs so that I can snapshot them to new boxes and have all my DNS
records update automatically.

[https://github.com/pirate/bash-
utils/blob/master/dns.sh](https://github.com/pirate/bash-
utils/blob/master/dns.sh)

    
    
        Helper script to update a DNS record on multiple providers.
    

Usage: ./dns.sh --domain=domain.example.com [--get|--set=value] [...options]

Options:

    
    
        [domain]               The DNS domain you want to get or set (required)
    
        --domain=example.com   Same as passing [domain] directly as an argument
        -t=|--type=A           The DNS record type, e.g. A, CNAME, etc. (A default)
    
        -g|--get               Get the record value (the default)
        -s=|--set=value        Set the record value, e.g. 123.235.324.234 or the
                                 special value 'pubip' to use current public ip
    
    
        -l=|--ttl=n            Set the record TTL to n seconds (overrides api default)
        -p=|--proxied          Set the record to be proxied through CDN (Cloudflare only)
        -a=|--api=cf,do        List of DNS providers to use, e.g. all (default) or cf,do
        -r=|--refresh=n        Run continusouly every n seconds in a loop
        -w=|--timeout=n        Wait n seconds before aborting and retrying
        
        -c=|--config=file      Path to a dotenv-formatted config file to load
        -e=|--config-prefix=X  Load config vars with prefix X e.g. X_VERBOSE=1
    
        ...

------
buildbuildbuild
Another little-known Cloudflare tip is to use their Argo product's
TryCloudflare feature when you want to open a localhost port to the world for
experiments, demos.

It enables painless NAT traversal like ngrok, with the added benefit of
Cloudflare's network acceleration and security.

[https://developers.cloudflare.com/argo-
tunnel/trycloudflare/](https://developers.cloudflare.com/argo-
tunnel/trycloudflare/)

~~~
mceachen
Nice! FWIW, it doesn't seem to support streaming, so large payloads can take a
while (as the entire request needs to be returned to cloudflare, and only then
does argo send the response payload back to the client, so you get a double-
latency hit).

------
matthewaveryusa
having cloudflare in front is even better than just DDNS: you can hide your
origin ip and avoid being DOSed.

I then use chrome's ssh extension with nassh-relay[1] to ssh, allowing me to
not ever need to know the ip of my machine.

I have a modified version of docker-cloudflare[2] that also emails me when re-
iping occurs (~once a year), just in case.

[1] [https://github.com/zyclonite/nassh-
relay](https://github.com/zyclonite/nassh-relay)

[2] [https://github.com/joshuaavalon/docker-
cloudflare](https://github.com/joshuaavalon/docker-cloudflare)

------
jgrahamc
Good news is these tools can stop using the global API token on Cloudflare and
use a scoped token just for this purpose: [https://blog.cloudflare.com/api-
tokens-general-availability/](https://blog.cloudflare.com/api-tokens-general-
availability/)

~~~
mfontani
Indeed, "but" the minimum token you can create is one that allows its wielder
to edit a whole zone's DNS, not just (say) one specific record.

------
leetrout
That's cool.

No discredit to the author, they posted about this a few days ago with a
couple other tools [https://support.cloudflare.com/hc/en-
us/articles/36002052451...](https://support.cloudflare.com/hc/en-
us/articles/360020524512-Manage-dynamic-IPs-in-Cloudflare-DNS-
programmatically)

See also [https://dnsomatic.com/](https://dnsomatic.com/) if you'd prefer to
share your info with a third party and not deal with running your own tool.

------
turdnagel
Somewhat related question: when I go to add a domain to CloudFlare, it did a
great job of importing all of my existing DNS records. Since `dig any` doesn't
seem to work anymore, how could they be doing this?

~~~
creeble
They just have a long list of likely host / service names. It misses things
all the time for me, but gets an awful lot correct.

------
vamega
Here's another tool, this one written in Rust that does this:
[https://github.com/nickbabcock/dness](https://github.com/nickbabcock/dness)

------
alias_neo
I wrote a little Go tool a few years back that can use your Digital Ocean
account as a Dynamic DNS provider. It has been running on my EdgeRouter ever
since with a cron job.

[https://github.com/2bytes/dodns](https://github.com/2bytes/dodns)

~~~
MrBuddyCasino
Nice! Very useful, didn't know this was possible.

------
alibert
I have been using [https://github.com/oznu/docker-cloudflare-
ddns](https://github.com/oznu/docker-cloudflare-ddns)

Support IPV6, only update if IP changes, has multiple IP providers, Docker
image available for amd64/arm (alpine).

------
tbyehl
Those who don't learn about ddclient are doomed to re-implement it.

~~~
icebraining
And that's despite CF themselves advocating it:
[https://www.cloudflare.com/technical-
resources/#ddclient](https://www.cloudflare.com/technical-resources/#ddclient)

------
swiley
After using a handfull of dynamic DNS services my gut feeling is that you
should really be running your own DNS server on a static IP and using that for
dynamic DNS. It's pretty much the only way you can be sure something isn't
just going to disapear over night. I guess that's more or less what's going on
here but why bother letting someone else controll it?

~~~
paulfurtado
The purpose of using a dynamic DNS service is because you don't have a static
IP, isn't it?

Services that specifically provide free DDNS may not stick around long, but
professional DNS providers with REST APIs change very rarely. I don't think
cloudflare's DNS service will change very soon.

------
wyattjoh
Also contributing yet another Cloudflare DDNS updater[0]! It was a neat
experiment to play with the API. I've ran it in cron and as a systemd timer.

[0]: [https://github.com/wyattjoh/cloudflare-
ddns](https://github.com/wyattjoh/cloudflare-ddns)

------
creeble
A bash script for the same thing (which I thought originated from Cloudflare,
but maybe not):

[https://gist.github.com/benkulbertis/fff10759c2391b6618dd](https://gist.github.com/benkulbertis/fff10759c2391b6618dd)

------
robmaister
In high school, I had a bash script + cron job that did this exact thing so
that I could host my own Minecraft server on a junky old Dell desktop. I
learned a ton from that setup about Linux and the web in general.

------
josteink
Or just install the ddns-Cloudflare package in OpenWRT and call it a day.

------
vorpalhex
This is very handy! Bonus points for having it all dockerized too!

