Updating Cloudflare DNS With Synology Diskstation

I ran into an interesting issue this evening which required a creative solution. The age old saying goes, a person is only as good as the tools available within their toolbox. 

So, some quick backstory on how I got here. I recently purchased an Ubiquiti Dream Machine Pro to replace my Fortigate 30E-3G4G-NAM. While the Fortigate firewall was completely kicking ass serving as the brains behind my home network, there were some other challenges I faced such as offloading the load on my Synology NAS which was running an Ubiquiti Controller (for my APs), and an Ubiquti Video Controller (my security cameras). The main issue stemmed around the fact that Ubiquti is slowly phasing out support for standalone controllers, specifically the video one. Plus, the extra load on my NAS just wasn’t something I felt comfortable with. The UDM-Pro solves a ton of this with onboard NVR, CloudKey and a variety of other things. 

Fly forward and my network has been migrated with a few exceptions. Bi-nightly I sent backups from my NAS to an off-site destination (another Synology NAS) to prevent data-loss in the event of fire/flood/theft (or a complete meltdown) of my on-site NAS. I link my home and the remote site using a VPN so the two NAS devices can talk to one another through (A) an encrypted channel, and (B) on a local IP. This prevents any of my information flowing unencrypted over the open Internet (really important), and also prevents me from having to poke pinholes (or port forwards) in any of my routers at either end (something I’d prefer not to do for security). Part of the problem with a VPN is that you need defined endpoints (where they terminate to). Because both my home and my endpoint are both dynamic IP addresses (meaning, they change from time to time), I have to setup some sort of Dynamic DNS. This is easy with Fortigate as it’s quickly defined in their router firmware, but I just migrated off that service. Problem #1 arises.

Naturally, I looked for a way to do this with Ubiquiti. There’s a list of options, but it’s not all that extensive. Further, I wanted to move more of my DNS onto CloudFlare. I already use them for endless other matters, why would I route my Dynamic DNS through DynDNS or another service. Consolidation is key. Cloudflare, being the kick-ass service they are offer API access into nearly all aspects of your account. This shouldn’t be all that hard knowing that. While I could write a little script to do the heavy lifting on any one of my various hosts in the house, why not use what I have today?

Well, my Synology DiskStation (running DS6 at time of writing this), does offer DDNS, it doesn’t list Cloudflare as one of the options. That’s OK, we can fix that. Here’s how I did it, step-by-step, assuming you have a basic knowledge of DNS and a few other base level matters.

1. Login to my Cloudflare account, and create a subdomain for my home. I named it something like “myhome.pasha.solutions”, and assigned it the IP address 1.1.1.1 to get started.
2. SSH into my Synology NAS, and install this wonderful little script : https://github.com/mrikirill/SynologyDDNSCloudflareMultidomain – Of course, follow along the directions within that GitHub page for more info.
3. In my CloudFlare account, I go to “My Profile”, then click on “API Tokens”, and get my Global API Key. 
4. While still in my SSH session with my NAS, I edit my DDNS providers list using Nano. If you’re comfortable with VI, that’s cool, but nano is the jam in my world. (VI is native for Synology, nano can easily be added through the SynoCommunity packages, specifically the SynoCliFile Tools).
5. Add a few lines to my /etc.defaults/ddns_provider.conf file, and set the parameters in my Synology DDNS menu.
6. Test, push, and voila. Cloudflare’s IP address for my subdomain is updated.

Now, this isn’t a full-on solution as I see it. Technically if Synology decides to push an update to my DS, it _could_ overwrite some of these files I need for this to all work. For today’s purposes it’s running, but I’m currently in the process of finding a more robust and future proof solution. My intuition tells me that I’m going to have to wait for (A) Ubiquti to allow Cloudflare support in their DDNS options, or (B) run a CloudFlare update script in some sort of place that won’t be compromised by updates. The immediate thought goes to running a very small docker container on my DS to act solely to run scripts such as this, and other low resource intensive matters.