I’ve been somewhat pulling my hair out (ok, that’s a lie – I have none) figuring out a way to update a Cloudflare A record using the UDM-Pro. There’s a long list of reasons you’d want to do this, but for my purposes in this instance I want to set up a VPN endpoint. Of course, static IP addresses aren’t common for small business users, and especially not for home users. Setting manual DNS entries will work for all of a few days, and users need something easy to remember that will update whenever the public IP address of the UDM-Pro changes (which could be days, weeks, or even months apart).
Ubiquiti’s firmware supports DDNS updates natively, but the providers are quite limited, and despite Cloudflare being arguably the most requested one in the forums, they’ve yet to add it. I suspect this is because it’s not as simple as a quick URL call with some variables like DynDNS used to be. There are some tricky ways to do this using DNSoMatic, but I’m going to be setting this up for a long list of clients, and I also really don’t want to rely on yet another middleware service.
Previously I did this on my Synology NAS which I posted about here, but I wanted something more permanent. This solution graciously utilizes the work of a few people I’d like to credit, specifically boostchicken and timothymiller. To give you some context, the UDM-Pro runs Debian as a core OS, then it basically runs the Unifi-OS within a container. That means we can run other containers alongside the Unifi-OS container and do whatever the hell we want in there. Granted, it’ll chew into the system resources the Unifi-OS uses from the hardware, but this is super minor so we’re not all that worried here. Let’s get going.
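First, from an SSH session on the UDM-Pro, enter the Unifi-OS shell and install boostchicken’s udm-boot package:
unifi-os shell
curl -L https://udm-boot.boostchicken.dev -o udm-boot_1.0.5_all.deb
dpkg -i udm-boot_1.0.5_all.deb
exit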
Make sure to exit out of the Unifi-OS shell, which we did above with “exit”. Then create a directory for the configuration:
mkdir -p /mnt/data/cloudflare-ddns
Create /mnt/data/cloudflare-ddns/config.json with your own Cloudflare details in place of the sample values:
{
  "cloudflare": [
    {
      "authentication": {
        "api_token": "Qjlkjs9sWKzQhE983ks0k30s0ab2e9s8ZxATX0tAAaz",
        "api_key": {
          "api_key": "83661alks93kd09ks8kpsk0dgb75c087wP",
          "account_email": "[email protected]"
        }
      },
      "zone_id": "142d77681af781e09lacddc888dcbdf9fb8d61",
      "subdomains": [
        "testsubdomain"
      ],
      "proxied": false,
      "ttl": 120
    }
  ]
}
cd /mnt/data/on_boot.d
Create 30-cloudflare-ddns.sh in that directory with the following contents:
#!/bin/sh
CONTAINER=cloudflare-ddns

# Starts a cloudflare ddns container that is deleted after it is stopped.
# All configs stored in /mnt/data/cloudflare-ddns
if podman container exists "$CONTAINER"; then
  podman start "$CONTAINER"
else
  podman run -i -d --rm \
    --net=host \
    --name "$CONTAINER" \
    --security-opt=no-new-privileges \
    -v /mnt/data/cloudflare-ddns/config.json:/config.json \
    timothyjmiller/cloudflare-ddns:latest
fi
chmod 744 30-cloudflare-ddns.sh
/mnt/data/on_boot.d/30-cloudflare-ddns.sh
# podman ps
CONTAINER ID  IMAGE                                            COMMAND               CREATED         STATUS             PORTS  NAMES
c09d3eea6b9d  docker.io/timothyjmiller/cloudflare-ddns:latest  python -u /cloudf...  40 minutes ago  Up 40 minutes ago         cloudflare-ddns
3643198165d5  localhost/unifi-os:latest                        /sbin/init            2 months ago    Up 22 hours ago           unifi-os
# podman logs cloudflare-ddns
⚙️ Individually disable IPv4 or IPv6 with new config.json options. Read more about it here: https://github.com/timothymiller/cloudflare-ddns/blob/master/README.md
🕰️ Updating IPv4 (A) & IPv6 (AAAA) records every 5 minutes
🧩 IPv6 not detected
📡 Updating record {'type': 'A', 'name': 'testsubdomain', 'content': '123.456.789.10', 'proxied': False, 'ttl': 300}
And that’s about that. It’s pretty straightforward stuff, but if you’re not familiar with using tools such as an SSH client, vi, or just generally working in a *nix shell, this is likely going to feel pretty intimidating. If that’s the case, I would welcome you to reach out and I’m sure I can give you a hand.
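A pre-flight check for the config.json used in this setup, as an added example that is not part of the original post or of the cloudflare-ddns project: it flags a credentials file that other users can read, sample values from this post left in place, and fields of the wrong shape. The function names, the chmod 600 recommendation and the TTL range (Cloudflare's documented range for non-Enterprise zones) are assumptions of this example.

```python
import json, os, re, stat, tempfile

# Sample values printed in the post; finding one means the file was pasted unedited.
SAMPLE_VALUES = {"Qjlkjs9sWKzQhE983ks0k30s0ab2e9s8ZxATX0tAAaz",
                 "83661alks93kd09ks8kpsk0dgb75c087wP",
                 "142d77681af781e09lacddc888dcbdf9fb8d61"}
ZONE_ID_RE = re.compile(r"^[0-9a-f]{32}$")  # Cloudflare zone IDs: 32 hex characters


def check_config(path):
    """Return a list of problems found in a cloudflare-ddns config.json."""
    problems = []
    # The file holds Cloudflare credentials, so only its owner should have access.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file is accessible to group/others; chmod 600 it")
    try:
        with open(path) as fh:
            zones = json.load(fh)["cloudflare"]
        if not (isinstance(zones, list) and all(isinstance(z, dict) for z in zones)):
            raise TypeError("'cloudflare' must be a list of objects")
    except (ValueError, KeyError, TypeError) as exc:
        return problems + [f"not a usable config: {exc!r}"]
    for i, zone in enumerate(zones):
        auth = zone.get("authentication")
        auth = auth if isinstance(auth, dict) else {}
        key = auth.get("api_key")
        secrets = [auth.get("api_token"), key.get("api_key") if isinstance(key, dict) else None]
        zone_id, subs, ttl = zone.get("zone_id"), zone.get("subdomains"), zone.get("ttl")
        checks = [  # (passes?, message if it does not)
            (any(isinstance(s, str) and s for s in secrets), "no api_token or api_key set"),
            (not any(isinstance(v, str) and v in SAMPLE_VALUES for v in secrets + [zone_id]),
             "still contains sample values from the post"),
            (isinstance(zone_id, str) and ZONE_ID_RE.match(zone_id), "zone_id is not 32 hex characters"),
            (isinstance(subs, list) and subs and all(isinstance(s, str) for s in subs),
             "subdomains must be a non-empty list of strings"),
            (isinstance(zone.get("proxied"), bool), "proxied must be true or false"),
            # Assumption: Cloudflare's documented TTL range for non-Enterprise zones.
            (type(ttl) is int and (ttl == 1 or 60 <= ttl <= 86400), "ttl should be 1 (auto) or 60-86400"),
        ]
        problems += [f"zone {i}: {msg}" for ok, msg in checks if not ok]
    return problems


def write_sample(config, mode):
    """Write a constructed config to a temp file with the given mode; return the path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(config, fh)
    os.chmod(path, mode)
    return path
```

Call check_config("config.json") on a workstation with Python 3 before copying the file to /mnt/data/cloudflare-ddns; an empty list means none of these checks fired.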