Managing a home server or a local lab often comes with a common hurdle: the Dynamic IP address. While services like No-IP or DynDNS offer solutions, their free tiers usually require manual confirmation every 30 days. This manual intervention is prone to human error and service downtime.
A more professional and permanent solution is to use Cloudflare as your DNS provider and leverage its powerful API to create your own Dynamic DNS (DDNS) client. This guide provides a step-by-step technical workflow to automate IP updates.
Prerequisites
- A domain pointed to Cloudflare nameservers.
- A Linux-based server (Ubuntu, Raspberry Pi, etc.) or an environment capable of running Bash scripts.
- Basic knowledge of the command line and curl.
Step 1: Generate a Cloudflare API Token
For security reasons, do not use your Global API Key. Instead, create a scoped token:
- Log in to the Cloudflare Dashboard and go to My Profile > API Tokens.
- Click Create Token and use the Edit zone DNS template.
- Under Permissions, ensure it says: Zone - DNS - Edit.
- Under Zone Resources, select your specific domain.
- Copy the generated token and store it securely.
Step 2: Retrieve Zone and Record IDs
You need two IDs to target the correct DNS record via API: the Zone ID (found on your domain's Overview page) and the Record ID. You can find the Record ID using the following command:
curl -X GET "https://api.cloudflare.com/client/v4/zones/YOUR_ZONE_ID/dns_records?name=yourdomain.com" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json"
Step 3: The Automation Script
Create a script named update-ddns.sh. This script fetches your current public IP and, to minimize API calls, updates Cloudflare only if the IP has changed.
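#!/bin/bash
# Configuration (this file holds a secret; restrict it with: chmod 700 update-ddns.sh)
API_TOKEN="your_api_token"
ZONE_ID="your_zone_id"
RECORD_ID="your_record_id"
RECORD_NAME="home.yourdomain.com"
CACHE_FILE="$HOME/.ddns_last_ip"  # stores the last IP that was pushed successfully
# Get current public IP; stop if the lookup fails
CURRENT_IP=$(curl -fsS --max-time 10 https://api.ipify.org) || exit 1
# Stop if the response is not an IPv4 address (error page, empty body, etc.)
[[ "$CURRENT_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { echo "Unexpected IP lookup response" >&2; exit 1; }
# Skip the API call if the IP has not changed since the last successful update
[[ -f "$CACHE_FILE" && "$(cat "$CACHE_FILE")" == "$CURRENT_IP" ]] && exit 0
# Update DNS Record; -f makes curl return an error on an HTTP failure status
curl -fsS -X PUT "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json" \
--data "{\"type\":\"A\",\"name\":\"$RECORD_NAME\",\"content\":\"$CURRENT_IP\",\"ttl\":120,\"proxied\":false}" \
-o /dev/null || { echo "Cloudflare update failed" >&2; exit 1; }
echo "$CURRENT_IP" > "$CACHE_FILE"
echo "DNS Updated to $CURRENT_IP"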
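Because the script publishes whatever the IP lookup service returns, it is worth validating that response before it reaches a public A record. The following is an added example, not part of the original guide: it rejects malformed responses and common non-public ranges (private, loopback, link-local, CGNAT, multicast), then compares against a cached value. The function names and the cache-file argument are assumptions.

```bash
#!/bin/bash
# Added example; function names and the cache-file argument are hypothetical.

# Succeeds only for a well-formed IPv4 address outside common non-public ranges.
is_public_ipv4() {
    local ip="$1" o old_ifs
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # empty, stray characters, empty group
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;   # no leading zeros
            *) return 1 ;;
        esac
        [ "$o" -le 255 ] || return 1
    done
    # Addresses that should never be published in a public A record
    if [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ] || [ "$1" -ge 224 ]; then return 1; fi
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then return 1; fi   # CGNAT
    if [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then return 1; fi                      # link-local
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 1; fi    # RFC 1918
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 1; fi                      # RFC 1918
    return 0
}

# Prints what the DDNS job should do: "reject", "unchanged" or "update".
# $1 = response from the IP lookup service, $2 = file holding the last pushed IP.
ddns_decision() {
    if ! is_public_ipv4 "$1"; then echo "reject"; return 0; fi
    if [ -f "$2" ] && [ "$(cat "$2")" = "$1" ]; then
        echo "unchanged"
    else
        echo "update"
    fi
}

# Constructed sample responses: documentation address, LAN address, captive-portal HTML
for sample in "203.0.113.7" "192.168.1.10" "<html>Login</html>"; do
    printf '%s -> %s\n' "$sample" "$(ddns_decision "$sample" /nonexistent/cache)"
done
```

In the cron job, only an "update" decision should trigger the PUT request; a "reject" is worth logging, since it means the lookup service returned something unexpected.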
Step 4: Scheduling with Cron
To make this truly "set and forget," schedule the script to run every 5 or 10 minutes using Cron.
# Open crontab
crontab -e
# Add this line to run every 5 minutes
*/5 * * * * /bin/bash /path/to/update-ddns.sh
Strategic Insights
Security First
Always use scoped API tokens instead of the Global API Key. If your server is compromised, a scoped token limits the attacker to modifying DNS records for a single domain rather than taking over your entire account.
TTL and Caching
Set a low TTL (Time To Live), such as 120 seconds (2 minutes). This ensures that when your IP changes, the DNS propagation happens quickly, reducing downtime for your services.