oznu / docker-cloudflare-ddns

A small amd64/ARM/ARM64 Docker image that allows you to use CloudFlare as a DDNS / DynDNS Provider.

Home Page: https://hub.docker.com/r/oznu/cloudflare-ddns/

License: GNU General Public License v3.0

Languages: Shell 93.56%, Dockerfile 6.44%
Topics: docker, ddns, dyndns, cloudflare, alpine-linux-image, raspberry-pi, arm, amd64, arm64, aarch64, x86-64

docker-cloudflare-ddns's Introduction


Docker CloudFlare DDNS

This small Alpine Linux based Docker image will allow you to use the free CloudFlare DNS Service as a Dynamic DNS Provider (DDNS).

This is a multi-arch image and will run on amd64, aarch64, and armhf devices, including the Raspberry Pi.

Image Variants

Image Tag   Architecture   OS             Size
latest      x64            Alpine Linux
armhf       arm32v6        Alpine Linux
aarch64     arm64          Alpine Linux

Usage

Quick Setup:

docker run \
  -e API_KEY=xxxxxxx \
  -e ZONE=example.com \
  -e SUBDOMAIN=subdomain \
  oznu/cloudflare-ddns

Parameters

  • --restart=always - ensure the container restarts automatically after host reboot.
  • -e API_KEY - Your CloudFlare scoped API token. See Creating a Cloudflare API token below. Required
    • API_KEY_FILE - Path to load your CloudFlare scoped API token from (e.g. a Docker secret). If both API_KEY_FILE and API_KEY are specified, API_KEY_FILE takes precedence.
  • -e ZONE - The DNS zone that DDNS updates should be applied to. Required
    • ZONE_FILE - Path to load your CloudFlare DNS Zone from (e.g. a Docker secret). If both ZONE_FILE and ZONE are specified, ZONE_FILE takes precedence.
  • -e SUBDOMAIN - A subdomain of the ZONE to write DNS changes to. If this is not supplied the root zone will be used.
    • SUBDOMAIN_FILE - Path to load your CloudFlare DNS Subdomain from (e.g. a Docker secret). If both SUBDOMAIN_FILE and SUBDOMAIN are specified, SUBDOMAIN_FILE takes precedence.
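The `_FILE` precedence rule above, as an added example (not the image's own code): a POSIX sh helper, here given the hypothetical name resolve_setting, that prefers NAME_FILE over NAME, strips CR/LF from the file content and fails when a required setting is missing. The sample values in the demo are constructed.

```shell
#!/bin/sh
# Added example, not the image's own code. resolve_setting is a hypothetical
# helper implementing the documented rule: NAME_FILE takes precedence over NAME.

# resolve_setting NAME [optional] -> prints the value; non-zero on failure.
resolve_setting() {
  name=$1
  required=${2:-required}
  eval "file=\${${name}_FILE:-}"
  eval "value=\${${name}:-}"

  if [ -n "$file" ]; then
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
      echo "ERROR: ${name}_FILE points at '$file', which is not a readable file" >&2
      return 1
    fi
    # Drop CR/LF so a trailing newline or CRLF line ending is not sent as
    # part of the token.
    value=$(tr -d '\r\n' < "$file")
  fi

  if [ -z "$value" ] && [ "$required" = required ]; then
    echo "ERROR: $name is required; set $name or ${name}_FILE" >&2
    return 1
  fi
  printf '%s' "$value"
}

# Constructed demo, run in a subshell so nothing leaks into the caller.
(
  dir=$(mktemp -d)
  printf 'token-from-file\r\n' > "$dir/api_key"
  API_KEY=token-from-env
  API_KEY_FILE=$dir/api_key
  ZONE=example.com
  echo "API_KEY   -> $(resolve_setting API_KEY)"
  echo "ZONE      -> $(resolve_setting ZONE)"
  echo "SUBDOMAIN -> '$(resolve_setting SUBDOMAIN optional)' (empty: root zone)"
  rm -rf "$dir"
)
```

Values passed with -e are visible in `docker inspect` output for the container; the file form keeps the token out of the container's environment.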

Optional Parameters

  • -e PROXIED - Set to true to make traffic go through the CloudFlare CDN. Defaults to false.
  • -e RRTYPE=A - Set to AAAA to set IPv6 records instead of IPv4 records. Defaults to A for IPv4 records.
  • -e DELETE_ON_STOP - Set to true to have the DNS record deleted when the container is stopped. Defaults to false.
  • -e INTERFACE=tun0 - Set to tun0 to have the IP pulled from a network interface named tun0. If this is not supplied the public IP will be used instead. Requires the --network host run argument.
  • -e CUSTOM_LOOKUP_CMD="echo '1.1.1.1'" - Set to any shell command to run it and have the IP pulled from its standard output. Leave unset to use the default IP address detection methods.
  • -e DNS_SERVER=10.0.0.2 - Set to the IP address of the DNS server you would like to use. Defaults to 1.1.1.1 otherwise.
  • -e CRON="@daily" - Set your own custom CRON value before the exec portion. Defaults to every 5 minutes - */5 * * * *.
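Because the address is taken from a command's standard output, a failed lookup can hand over error text instead of an IP (the issue logs on this page show dig's ";; connection timed out; no servers could be reached" in the "to" field). The following is an added example, not the image's own code: hypothetical helpers is_ipv4, is_ipv6 and extract_address accept a lookup result only if it parses as an address of the configured RRTYPE; sample outputs are constructed, and the IPv6 check does not cover embedded-IPv4 forms such as ::ffff:192.0.2.1.

```shell
#!/bin/sh
# Added example, not the image's own code: validate lookup output before it
# is used in a DNS update. Helper names are hypothetical.

# is_ipv4 STRING -> 0 if STRING is a dotted quad with octets 0-255.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in 0?*) return 1 ;; esac   # no leading zeros
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# is_ipv6 STRING -> 0 if STRING is hex groups and colons in a valid layout.
is_ipv6() {
  case $1 in
    ''|*[!0-9A-Fa-f:]*|*:::*|*::*::*|:[!:]*|*[!:]:|:) return 1 ;;
    *[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]*) return 1 ;;
  esac
  # Count non-empty groups; "::" may stand in for one or more zero groups.
  groups=$(printf '%s' "$1" | tr -s ':' '\n' | grep -c . || true)
  case $1 in
    *::*) [ "$groups" -le 7 ] ;;
    *)    [ "$groups" -eq 8 ] ;;
  esac
}

# extract_address RRTYPE RAW -> prints a validated address, or returns 1.
extract_address() {
  rrtype=$1
  # First line only, with quotes and surrounding whitespace removed.
  candidate=$(printf '%s\n' "$2" |
    sed -n '1{s/"//g;s/^[[:space:]]*//;s/[[:space:]]*$//;p;}')
  case $rrtype in
    A)    is_ipv4 "$candidate" ;;
    AAAA) is_ipv6 "$candidate" ;;
    *)    echo "ERROR: unsupported RRTYPE '$rrtype'" >&2; return 1 ;;
  esac || {
    echo "ERROR: lookup did not return a valid $rrtype address" >&2
    return 1
  }
  printf '%s\n' "$candidate"
}

# Constructed sample outputs: a good answer, then dig's failure text.
for sample in '"203.0.113.7"' ';; connection timed out; no servers could be reached'; do
  extract_address A "$sample" || echo "skipping update" >&2
done
```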

Deprecated Parameters

  • -e EMAIL - Your CloudFlare email address when using an Account-level token. This variable MUST NOT be set when using a scoped API token.

Creating a Cloudflare API token

To create a CloudFlare API token for your DNS zone go to https://dash.cloudflare.com/profile/api-tokens and follow these steps:

  1. Click Create Token
  2. Provide the token a name, for example, cloudflare-ddns
  3. Grant the token the following permissions:
    • Zone - Zone Settings - Read
    • Zone - Zone - Read
    • Zone - DNS - Edit
  4. Set the zone resources to:
    • Include - All zones
  5. Complete the wizard and copy the generated token into the API_KEY variable for the container

Multiple Domains

If you need multiple records pointing to your public IP address you can create CNAME records in CloudFlare.

IPv6

To set IPv6 records, set the environment variable RRTYPE=AAAA. You will also need to run Docker with IPv6 support, or run the container with host networking enabled.

Docker Compose

If you prefer to use Docker Compose:

version: '2'
services:
  cloudflare-ddns:
    image: oznu/cloudflare-ddns:latest
    restart: always
    environment:
      - API_KEY=xxxxxxx
      - ZONE=example.com
      - SUBDOMAIN=subdomain
      - PROXIED=false

License

Copyright (C) 2017-2020 oznu

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

docker-cloudflare-ddns's People

Contributors

bmweller, dulanic, gamerlv, henrikbacher, jakewharton, jamct, johnluetke, omrishiv, oznu, purerosefallen, slothcroissant, tomaswarynyca, turowicz, zh99998


docker-cloudflare-ddns's Issues

Does this change the IPv4 or IPv6 record?

I have a DS-Lite (dual stack) connection so that the IPv4 can't be used since I can't open IPv4 ports. How can I configure that this docker image only updates the IPv6 record in cloudflare?

Usage with several subdomains

I have tried using it with several subdomains, adding the "SUBDOMAIN" environment variable for each one, but it only updates one of them. Is this even a possibility? Is it planned? If not, I strongly suggest it.

Idea: Multi-arch images

I would suggest to switch to multi-arch docker images. They contain a manifest and can contain images for multiple architectures and the docker daemon will pull the correct one. With multi-arch you do not have to specify a tag like armhf.

could not resolve host: api.cloudflare.com

Hi,
I'm trying to set up the cf-ddns, but I get the following error message:

cf-ddns | curl: (6) Could not resolve host: api.cloudflare.com
cf-ddns | ----------------------------------------------------------------
cf-ddns | ERROR: Invalid CloudFlare Credentials - 000
cf-ddns | ----------------------------------------------------------------
cf-ddns | Make sure the API_KEY is correct.

docker-compose:

  cf-ddns:
    container_name: cf-ddns
    image: oznu/cloudflare-ddns:latest
    restart: unless-stopped
    environment:
      - API_KEY=$CLOUDFLARE_ZONE_API_TOKEN
      - ZONE=$DOMAINNAME_DEV
      - PROXIED=true
      - RRTYPE=A
      - DELETE_ON_STOP=false
      - DNS_SERVER=1.1.1.1

I've followed the tutorial and created the zone API token, then added that to the .env file. Any ideas as to why I could be getting this error? I can ping the URL from my server.

Add 2 zone

If I have 2 domains on Cloudflare, can I add 2 zones?

ERROR: Failed To Get Public IPv4 Address

Hi, I'm running into the error message ERROR: Failed To Get Public IPv4 Address and I'm failing to find the reason why this is happening.

When I run the command used to get the IP address dig +short @resolver1.opendns.com myip.opendns.com A manually on the terminal, it works fine.

I'm running the container on an Ubuntu Server 18.04. I have tried setting the network mode to "host", as well as using the default, but in both cases I get the same problem.

Any idea on how to debug this?

Multiple subdomains

Love the application! But how do I use it for multiple subdomains?

Comma separated doesn't seem to work :-)

Help with this error

Hello, I am trying to use this script but I always get an error:
cloudflare-ddns_1 | ERROR: Failed to update CloudFlare DNS record example.ml from Y.Y.Y.Y to X.X.X.X

cloudflare-ddns_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
cloudflare-ddns_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
cloudflare-ddns_1 | [fix-attrs.d] applying ownership & permissions fixes...
cloudflare-ddns_1 | [fix-attrs.d] done.
cloudflare-ddns_1 | [cont-init.d] executing container initialization scripts...
cloudflare-ddns_1 | [cont-init.d] 30-cloudflare-setup: executing...
cloudflare-ddns_1 | DNS Zone: example.ml (189a359456502834321a727pxksl3h2s)
cloudflare-ddns_1 | DNS Record: example.ml (a97ba1f2d4161afc8f22c18a198kj12m)
cloudflare-ddns_1 | [cont-init.d] 30-cloudflare-setup: exited 0.
cloudflare-ddns_1 | [cont-init.d] 50-ddns: executing...
cloudflare-ddns_1 | Updating CloudFlare DNS record example.ml from Y.Y.Y.Y to X.X.X.X...
cloudflare-ddns_1 | ERROR: Failed to update CloudFlare DNS record example.ml from Y.Y.Y.Y to X.X.X.X
cloudflare-ddns_1 | [cont-init.d] 50-ddns: exited 0.
cloudflare-ddns_1 | [cont-init.d] done.
cloudflare-ddns_1 | [services.d] starting services
cloudflare-ddns_1 | Starting crond...
cloudflare-ddns_1 | crond: crond (busybox 1.31.1) started, log level 6
cloudflare-ddns_1 | [services.d] done.

multiple subdomains?

Love this container - was using a different one, was unaware of the new scoped API keys, got frustrated, found yours, setup was 30 seconds -- thank you.

Not necessary for me at the moment, but if you could consider making it possible to update multiple subdomains, I would appreciate it.

Add Support for Multiple Sub Domains

I understand the documentation and previously opened issues mention to use CNAME records, which works for most scenarios, however, there are restrictions with using them:

"MX and NS records cannot point to a CNAME record; they have to point to an A record (for IPv4) or an AAAA record (for IPv6)."

Adding the ability to A) recursively update all A records in a zone or B) specify more than one sub-domain (comma delimited) would help with this restriction versus the need to run multiple containers to stay in compliance.

Unraid email address field is mandatory

While there is a warning about NOT FILLING the email when using a scoped API in the documentation, the email field remains mandatory making it impossible to use it in Unraid with a scoped API.

What made me guess this is the problem on my setup was this message:

ERROR: Invalid CloudFlare Credentials - 400

Make sure the EMAIL and API_KEY variables are correct. You can
get your CloudFlare API Key here:
https://www.cloudflare.com/a/profile

If you are using a zone token please remove the EMAIL variable
from this container.

Consider change ipinfo.io

ipinfo.io is slow sometimes.

Consider changing it to another API, or provide an env variable so the user can override it.

Zone not found in Cloudflare Account

Hello,

I would like to set up DynDNS for my home server. I downloaded your setup, created an API token and added a subdomain to the DNS list, but I get this error:


ERROR: Zone for domain.tld was not found in your CloudFlare Account

Make sure the ZONE variable is correct and the domain exists
in your CloudFlare account. You can add a new domain here:

https://www.cloudflare.com/a/add-site

The Docker command looks like this:

docker run \
  -e API_KEY=xxxxxxxxx \
  -e ZONE=domain.tld \
  -e SUBDOMAIN=daheim \
  oznu/cloudflare-ddns

What's wrong?

I hope you can help me.

Rpi3: Dig not working

Hi,

Thanks for building this, however I don't get any IP back when running on RPI 3?

dig @resolver1.opendns.com myip.opendns.com A

yields nothing inside the container.

So I get all these lines:

Updating CloudFlare DNS recordmy.domain.com from XX.XXX.XXX.XX to ...
ERROR: Failed to update CloudFlare DNS record recordmy.domain.com from XX.XXX.XXX.XX to

Is it a bug in the Rpi 3 image?

multiple subdomains

Many homelabs use a reverse proxy to proxy local apps at home. For that, they will need multiple domains to update to the same home IP.

Are you open to accepting such a merge request?

I was thinking maybe use SUBDOMAIN with comma-separated values?

-e SUBDOMAIN=subdomain1,subdomain2,subdomain3 \

Using CNAMEs for multiple domains

Hello, sorry for the repeated question, but I was hoping someone might be able to elaborate on how to use CNAMEs to make multiple domains work? I didn't have an issue adding several subdomains to my cloudflare account and managing them through nginx proxy manager, but when I make the secondary domain that I want to forward to the same IP as the first point at the first domain as a CNAME, I get a redirected too many times error. Does anything look off about my configuration?
[Screenshots: nginxproxysettings, cfsettings2, cfsettings]
(Just realized I switched the domain and site wording in one of the screenshots, hoping that doesn't make it too confusing to understand)
Any ideas would be greatly appreciated, thank you!

Explain cron option

It is not entirely clear from the documentation how the CRON-option is used.
I have tried - CRON="@hourly" in my docker-compose.yml (doesn't work and gives no error message) and I've tried -CRON="*/20 * * * *" which fails with a parsing error.

Any hints?

Specify different IP

I'd like to use a VPN IP instead of the public one. Could there be a config for interface name?

Proxied IP instead correct Ip

Good morning,
I'm trying to set it up on a Raspberry Pi 4, but it updates the A record with the proxied IP instead of the real WAN IP. How do I solve it?

Thanks in advance
Shark

Invalid CloudFlare Credentials - 400

I am following the instructions perfectly, I had it working but then had to rebuild the container.

I have created a new API_KEY, pasted that in env using the variable "CLOUDFLAREAPIKEY" and yet I am still getting the above error. I have tried both creating a new token as well as using the global, and even changed the global with neither working.

I am at a loss as to what is going on.

Running in compose.

Support .cf, .ga, .gq, .ml, or .tk TLD (top-level domain)

When trying to run the API manually - I'm getting

{
  "error": "You cannot use this API for domains with a .cf, .ga, .gq, .ml, or .tk TLD (top-level domain). To configure the DNS settings for this domain, use the Cloudflare Dashboard."
}

And indeed I'm using a tk domain.

Is there any way to make this work?

Multiple zones?

Hi,

Is it possible to update multiple zones (Domains) with a single cloudflare-ddns instance?
At the moment I'm running multiple containers, 1 for each domain, which feels like a lot of overhead.

Is this something that could be added?

Fails to find correct IP address on BT (UK ISP)

Hi there, just recently this has started to fail for me. I've tracked it down to the following:

In app/clouflare.sh it tries a couple of methods. The first one:
dig +short @1.1.1.1 ch txt whoami.cloudflare | tr -d '"'
gives a response of "212.127.0.xxx" - which is a BT proxy, and not my own IP.
Obviously it 'succeeds', so it uses that IP to update Cloudflare DNS, which then fails as BT don't forward it on to me.

The other method:
curl -sf4 https://ipinfo.io | jq -r '.ip'
gives the true IP address of my internet connection (86.155.76.xxx)

The same is true of the IPv6 checks, as far as I can tell.

Obviously your script is just responding to what Cloudflare themselves send back, but is there any way to resolve this?

Multiple subdomains do not update

I have added multiple subdomains in unraid to this container, only the domain and last listed subdomain actually update.

I have added the subdomains as additional optional entries in unraid.

Is this a known issue or am I perhaps doing it wrong?

Thanks

Please add license

I was going to copy the cron setup for another container I'm building but without a license I cannot use your code. Not a huge problem since there's a million cron-y containers to copy from, but it's still nice to have a license so people know their rights to this work.

update period/conditions

Not really an issue ...
Could you please describe in the README what the DNS update period / conditions are?

Help troubleshooting this error

How can I fix this? I have been hardening the Cloudflare configuration; the firewall is not blocking anything, but is it possible that some setting (TLS 1.3, HTTPS force...) is breaking the IP sync?

[cont-init.d] 50-ddns: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting crond...
crond: crond (busybox 1.31.1) started, log level 6
[services.d] done.
crond: USER root pid 248 cmd /etc/cont-init.d/50-ddns
Updating CloudFlare DNS record XXXX.from XXXXX to ;; connection timed out; no servers could be reached...
Updating CloudFlare DNS record XXXXXX from XXXXXXX to ;; connection timed out; no servers could be reached...
ERROR: Failed to update CloudFlare DNS record XXXXXXXX from XXXXXto ;; connection timed out; no servers could be reached

Add date and time

Adding date and time that the IP address changes would be a nice feature. Just for the times it changes.

Cloudflare API limitation when using .cf, .ga, .gq, .ml, or .tk TLDs

I just opened this issue to point out this limitation of the Cloudflare API:

https://support.cloudflare.com/hc/en-us/articles/360020296512-DNS-Troubleshooting-FAQ#h_84167303211544035341531

It's therefore impossible to use your scripts when using those TLDs.

I just discovered all of this after I extracted your scripts and understood how to run them in Postman. Then I got the real error message that was "blocking" your script (it might be interesting to log that when the script fails).

I think it might be useful to put a disclaimer somewhere for people trying to set up something fast and using those TLDs.

Updating AAAA record: "connection timed out; no servers could be reached"

I get the following error from my container designated to update my IPv6 with cloudflare: ERROR: Failed to update CloudFlare DNS record rhprivate.de from 2000:16b8:55e4:1300:4972:6e17:cb16:5dd3 to ;; connection timed out; no servers could be reached.

The container is created in docker-compose using the following config:

cloudflare_ddns_v6:
  container_name: cloudflare_ddns_v6
  image: oznu/cloudflare-ddns:latest
  restart: always
  network_mode: host
  environment:
    - ZONE=example.com
    - API_KEY=abcdefghijklmnopqrstuvwxyz
    - PROXIED=TRUE
    - RRTYPE=AAAA

I have a container using a nearly identical configuration for IPv4 updates that works mostly flawlessly; its only problem: despite the flag PROXIED=TRUE, it always changes the A record to be unproxied.

Support Docker Secrets

In addition to passing the Cloudflare API key via an environment variable, it also should be able to be specified via a docker secret

(I plan on opening a PR for this change in due time)

release different arch in same tag

Could you release all architectures in the latest tag?
Docker supports multiple architectures in the same tag; the client can choose the correct one automatically.

Releasing them in the same tag makes deployment easier. I can use the exact same config to deploy to all my nodes, whatever their architecture.

Per-arch tags may still be kept for backwards compatibility.

DNS record for XYZ.cf was not found in XYZ.cf zone. creating now... ERROR

I use Unraid and installed the Cloudflare-ddns docker, but I am getting this error message.
I created a custom API token and pasted it in the config. I got the first error message, was asked to remove the email record, did that, and this is the new error message I get in the log.
PS: I replaced my actual address with XYZ.

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 30-cloudflare-setup: executing...
DNS Zone: XYZ.cf (lotsofnumbers)
DNS record for 'XYZ.cf' was not found in XYZ.cf zone. Creating now...

ERROR: Failed to create DNS record 'XYZ.cf'


[cont-init.d] 30-cloudflare-setup: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] 50-remove-record: executing...
[cont-finish.d] 50-remove-record: exited 0.
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

Not working when delete the record from the webUI after the docker initializing

This repo's current workflow (maybe) is:

  1. Get the CF_RECORD_ID in the initial process.
  2. Add the "ddns" cron task, which uses the CF_RECORD_ID in the .conf file.

Let's think of this scenario: someone deletes the record from the web UI or somewhere else, then the ddns task just gives an error and never refreshes the CF_RECORD_ID.
Is this a feature or a bug?

Cannot pull image

When trying to make the container through Docker Compose it gives an error when it tries to pull the image:
ERROR: pull access denied for onzu/cloudflare-ddns, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

I have used the 'docker login' command and logged in successfully and the image page is normally accessible on Docker Hub but I still get this error.

I can attach my docker-compose.yaml if you'd like but I doubt that the problem lies there.

Any help would be appreciated. Thanks in advance!

Docker secrets not working?

I could not pass Cloudflare api token via Docker secrets. With .env variables, this image works perfectly. With secrets, I get:

cf-ddns             | 2020-07-20T21:37:59.573918296Z ----------------------------------------------------------------
cf-ddns             | 2020-07-20T21:37:59.573951022Z ERROR: Invalid CloudFlare Credentials - 400
cf-ddns             | 2020-07-20T21:37:59.573958485Z ----------------------------------------------------------------
cf-ddns             | 2020-07-20T21:37:59.573964225Z Make sure the API_KEY is correct. You can

Here is my Docker Compose:

secrets:
  cloudflare_api_token:
    file: $SECRETSDIR/cloudflare_api_token

services:
  cf-ddns:
    container_name: cf-ddns
    image: oznu/cloudflare-ddns:latest
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    environment: 
      API_KEY_FILE: /run/secrets/cloudflare_api_token
      ZONE: $DOMAINNAME
      PROXIED: "true"
      RRTYPE: A
      DELETE_ON_STOP: "false"
      DNS_SERVER: 1.1.1.1
    secrets: # not working
      - cloudflare_api_token

Any help would be much appreciated.

Update subdomain only

It would be useful if an ability to only update a subdomain was made available. I didn't see any manner in which to not update the primary record/root domain.

Req: Add env variable to set A Record TTL

Hi

It looks like the TTL is always set to 3hrs; even if I manually set this in the Cloudflare Web UI to 2 minutes, the script resets it to 3hrs each time it updates.

Could you add an environment variable, so we can specify what the TTL should be set to?

Thanks
