Very cool! For anyone interested in a bash script instead of installing a Python runtime, I made this tool some time ago for the same purpose: https://github.com/ddries/d2c.sh
I built the exact same thing 5 years ago and I've been using it daily since then. I have never had any problems with it. You don't need a config file for it, just a couple of CLI options and you are good to go. You can install it with pip, docker or downloading a binary:
I guess this is something people have to make? I wrote one 6 years ago in Golang and rewrote it in Rust last year. I have stopped using it, but I had them running for 6 years without issues.
Instead of using DDNS, I have been using Cloudflare tunnels to expose my home services to the internet. The setup is much simpler and it seems like it's more secure too
You specify a port and point it to a subdomain and it just immediately works, no maintenance necessary. The daemon only needs to be installed once with a simple terminal command
– TLS termination mandatorily happens at Cloudflare (i.e. your traffic is mitm'ed). That's because this free product is meant as a gateway drug (aka a loss leader) to Cloudflare's WAF/Anti-DDOS products (which require TLS termination to happen on their side for technical reasons).
– Other TCP protocols (including SSH) require every client to run the software too. So if you were thinking about bypassing the TLS termination restriction by creating a TCP tunnel instead of an HTTP(S) tunnel you can't.
How can you claim it's simpler in the light of the revelations in noname120's comment?
Dynamic DNS is literally one little service you run to "phone home" to the dynamic DNS provider. This service is bundled in consumer routers; just find it in the WebUI, put in the credentials and turn it on.
You know what could be simple: a periodic job that figures out your public IP address, and if it has changed, generates a hosts file entry for it, and e-mails it to you. If all you care about is just you having access to home while you are roaming about, that could do it. It also occurs to me that it makes a good backup strategy in case something goes wrong with DDNS while you are traveling.
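A sketch of the periodic job described in the comment above, with a cross-check that addresses the concern raised elsewhere in this thread about trusting a single IP lookup service. This is an added example, not code from any commenter or linked project; the source names, hostname and sample responses are constructed, and fetching the responses and mailing the result are left to the caller.

```python
import ipaddress
from collections import Counter

def parse_public_ipv4(body):
    """Return the address in a lookup response body, or None unless it is
    exactly one globally routable IPv4 address."""
    try:
        addr = ipaddress.IPv4Address(body.strip())
    except ValueError:
        return None  # error page, HTML, empty body, IPv6, ...
    # is_global rejects RFC 1918, CGNAT (100.64.0.0/10), loopback and
    # documentation ranges, none of which can be a real public address.
    return addr if addr.is_global else None

def agreed_ip(responses, quorum=2):
    """Pick the address reported by at least `quorum` independent sources.
    One source that lies or breaks cannot decide the result alone."""
    votes = Counter()
    for body in responses.values():
        addr = parse_public_ipv4(body)
        if addr is not None:
            votes[addr] += 1
    if not votes:
        return None
    (top, count), *rest = votes.most_common(2)
    if count < quorum or (rest and rest[0][1] == count):
        return None  # too few votes, or a tie between two answers
    return top

def hosts_entry_if_changed(responses, last_ip, hostname, quorum=2):
    """Return a hosts-file line when the agreed address differs from
    last_ip, otherwise None (nothing to send, nothing to update)."""
    ip = agreed_ip(responses, quorum)
    if ip is None or str(ip) == last_ip:
        return None
    return f"{ip}\t{hostname}"

# Constructed responses keyed by hypothetical source names. Well-known
# public addresses stand in for a home IP because documentation ranges
# would fail the is_global check.
SAMPLE = {
    "source-a": "8.8.4.4\n",
    "source-b": "8.8.4.4",
    "source-c": "<html>502 Bad Gateway</html>",
    "source-d": "192.168.1.1",
}

if __name__ == "__main__":
    print(hosts_entry_if_changed(SAMPLE, "8.8.8.8", "home.example.net"))
```

When no quorum is reached the job does nothing, so a bad lookup leaves the previous record in place instead of repointing it.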
For Dynamic DNS you want minimal TTL, ideally less than 60 seconds, otherwise the DNS records will be cached and will not reflect the correct address during the short time window in which it changes.
Dedicated DDNS services usually have very short TTL (some offering as low as 5 seconds IIRC), but free Cloudflare accounts have a minimal TTL of 300 seconds (5 minutes). Coupled with the crontab running every 5 minutes, your endpoint could be out of contact for 10 minutes if everything aligns right.
I used ddclient with Cloudflare for years with no issues.
Recently upgraded my home router and the manufacturer operates a free dynamic dns service enabled with a toggle button. I have a cname record in my domain’s dns records pointing to the dynamic dns entry. I actually don’t even need that anymore. All the services I run at home are only for immediate family so only available remotely via a Wireguard vpn connection. I migrated that to the router also because it can do 900Mbs of Wireguard traffic and has a great vpn server management implementation. By default the client configs it generates point to the dynamic dns name. No real need for the cname but I have it out of habit.
Wow! May I know the router model that does 900+mbps of Wireguard? The dedicated GLinet box I got for tailscale does only about 60-90mbps. Apple TV 4K does a paltry 20-40...
Is there any Cloudflare service one can use to determine the IP instead? That way there’s not an extra company in addition to Cloudflare itself that you need to continue existing.
If you too are tired of relying on outdated software from paid services like NoIP and DynDNS, and are in need of a reliable way to manage your home server with your own domain name, try this simple script with a free Cloudflare account. It just gets the job done...
The main difference is that, for security reasons, it uses a "Cloudflare worker" to change the DNS record.
> Since Cloudflare API Token permissions aren't granular enough to limit the token access to a single DNS record, we place a worker in front of it (this way the token with extra privileges never leaves Cloudflare's servers).
I also wrote my own pseudo-DDNS recently! With inspiration from a couple of similar projects on GitHub.
Mine is a golang executable that runs directly on my OpenWRT-based router on a 30 minute cron job. The beauty of running it on my router directly is that I can simply query the `eth0` interface for my public ip address - no need for a `curl` to determine my public IP.
You can achieve the same on virtually any DNS hosting with RGAP[1]. The trick is to delegate the name you are interested in to a server which runs the RGAP DNS server and let it respond to queries for that domain name. Bonus: you can have more than one address running RGAP-agent and exporting its address to DNS.
A bit of a tangent, but something like PowerDNS authoritative server comes with an API[0] that can be leveraged for similar functionality to what Cloudflare provides.
Decentralization of the internet has to start with Authoritative DNS. I know it's not free to host an authoritative server like this on a VPS, and there are DDoS considerations. But the flip side is that DNS is a metadata protocol and contains a wealth of information that anybody privacy focused should think twice about. It's also an incredibly powerful and important protocol to understand.
If you're privacy-focused, you should run your own recursive resolver. Running your own authoritative server doesn't help much with privacy if clients still go through centralized recursive resolvers to query your domain.
I'm calling out the elephant in the room - you’re putting way too much faith in these IP lookup services without questioning their obvious ability to screw you over with giving the wrong IP. Is no-one in here able to see this is terrible security??
Did a very similar script with Deno/TS with DigitalOcean's DNS. I also set up a couple of domains on a small Linux instance to deliver IP address responses, in order to facilitate IP lookups.
This is a pretty nice option for Cloudflare domains. An alternative I use is DomainConnect, which provides free DDNS but the main backer of it is GoDaddy so I had to leave the domain I use it with registered there.
Mine is more barebones since I threw it together quickly in an afternoon. I feel like many a HomeLab person fighting their ISP is taking advantage of this Cloudflare API trick
kurokawad | 1 year ago
kissgyorgy | 1 year ago
https://github.com/kissgyorgy/cloudflare-dyndns
AndreasBackx | 1 year ago
https://github.com/AndreasBackx/update-dns
indigodaddy | 1 year ago
thousand_nights | 1 year ago
noname120 | 1 year ago
– Max 100 MB uploads for HTTP(S).
– No media servers allowed.
Otherwise it's a really good service!
scosman | 1 year ago
I set up some Cloudflare DNS records to the Tailscale 100.x IPs to make them easy to remember.
kazinator | 1 year ago
1vuio0pswjnm7 | 1 year ago
Will this work if the "home services" include authoritative DNS?
2Gkashmiri | 1 year ago
rahimnathwani | 1 year ago
ddclient already works with Cloudflare: https://developers.cloudflare.com/dns/manage-dns-records/how...
riobard | 1 year ago
mclion | 1 year ago
For unproxied records you can set the TTL to 1 minute as per their documentation.
And normally your IP would change only when reconnecting, so it's not a big deal...
dilyevsky | 1 year ago
tssva | 1 year ago
kukkamario | 1 year ago
sagz | 1 year ago
pdntspa | 1 year ago
Which got me into a 4-year exploration of FreeBSD! I'm still a bit sad I had to replace it with Proxmox on Debian to get what I wanted.
codetrotter | 1 year ago
aesopsfable | 1 year ago
netsharc | 1 year ago
>
> sudo systemctl restart cron
Hello author, there's no need to restart cron, crontab -e applies changes automatically on exit. And the daemon is called "cron", not "cronjobs".
js2 | 1 year ago
https://github.com/willswire/unifi-ddns
dethos | 1 year ago
It works very well, no complaints until now.
fippi | 1 year ago
https://github.com/jackphilippi/r53-ddns
Snawoot | 1 year ago
[1]: https://github.com/SenseUnit/rgap
yuvadam | 1 year ago
[1] - https://openwrt.org/packages/pkgdata/ddns-scripts-cloudflare
clwg | 1 year ago
[0] https://doc.powerdns.com/authoritative/http-api/index.html
remram | 1 year ago
rogerpeters | 1 year ago
eddd-ddde | 1 year ago
tracker1 | 1 year ago
ocdtrekkie | 1 year ago
softfalcon | 1 year ago
GoLang: https://github.com/wyattjoh/cloudflare-ddns
C#: https://github.com/nick-funk/dyn-dns
ruskyhacker | 1 year ago
https://github.com/zackoch/easy-dynamic-google-cloud-dns