I ran into an interesting issue this evening which required a creative solution. The age old saying goes, a person is only as good as the tools available within their toolbox.
So, some quick backstory on how I got here. I recently purchased an Ubiquiti Dream Machine Pro to replace my Fortigate 30E-3G4G-NAM. While the Fortigate firewall was completely kicking ass serving as the brains behind my home network, there were some other challenges I faced such as offloading the load on my Synology NAS which was running an Ubiquiti Controller (for my APs), and an Ubiquti Video Controller (my security cameras). The main issue stemmed around the fact that Ubiquti is slowly phasing out support for standalone controllers, specifically the video one. Plus, the extra load on my NAS just wasn’t something I felt comfortable with. The UDM-Pro solves a ton of this with onboard NVR, CloudKey and a variety of other things.
Fly forward and my network has been migrated with a few exceptions. Bi-nightly I sent backups from my NAS to an off-site destination (another Synology NAS) to prevent data-loss in the event of fire/flood/theft (or a complete meltdown) of my on-site NAS. I link my home and the remote site using a VPN so the two NAS devices can talk to one another through (A) an encrypted channel, and (B) on a local IP. This prevents any of my information flowing unencrypted over the open Internet (really important), and also prevents me from having to poke pinholes (or port forwards) in any of my routers at either end (something I’d prefer not to do for security). Part of the problem with a VPN is that you need defined endpoints (where they terminate to). Because both my home and my endpoint are both dynamic IP addresses (meaning, they change from time to time), I have to setup some sort of Dynamic DNS. This is easy with Fortigate as it’s quickly defined in their router firmware, but I just migrated off that service. Problem #1 arises.
Naturally, I looked for a way to do this with Ubiquiti. There’s a list of options, but it’s not all that extensive. Further, I wanted to move more of my DNS onto CloudFlare. I already use them for endless other matters, why would I route my Dynamic DNS through DynDNS or another service. Consolidation is key. Cloudflare, being the kick-ass service they are offer API access into nearly all aspects of your account. This shouldn’t be all that hard knowing that. While I could write a little script to do the heavy lifting on any one of my various hosts in the house, why not use what I have today?
Well, my Synology DiskStation (running DS6 at time of writing this), does offer DDNS, it doesn’t list Cloudflare as one of the options. That’s OK, we can fix that. Here’s how I did it, step-by-step, assuming you have a basic knowledge of DNS and a few other base level matters.
Now, this isn’t a full-on solution as I see it. Technically if Synology decides to push an update to my DS, it _could_ overwrite some of these files I need for this to all work. For today’s purposes it’s running, but I’m currently in the process of finding a more robust and future proof solution. My intuition tells me that I’m going to have to wait for (A) Ubiquti to allow Cloudflare support in their DDNS options, or (B) run a CloudFlare update script in some sort of place that won’t be compromised by updates. The immediate thought goes to running a very small docker container on my DS to act solely to run scripts such as this, and other low resource intensive matters.
© Pasha Solutions. All rights reserved.
All opinions, posts, comments, & content are solely that of Pasha Solutions. They in no way, implied or otherwise, represent the views or opinions of any business, corporation, or entity that Pasha Solutions or it's affiliates may be associated with.