DDNS: Difference between revisions

From Wildsong
Brian Wilson (talk | contribs)

Revision as of 19:34, 25 February 2022

When a server is behind a firewall I want to know when the server's public IP address changes, and to communicate it back to my DNS servers at Cloudflare. To do this I need to know the outside IP address, not the private IP address of the server itself.

(Before 2017 I used Hurricane Electric, https://dns.he.net; they were very good too. HE.net is great for just supporting DNS. Cloudflare is also a free CDN (content delivery network).)

DDNS on EdgeRouter

2022-02-22 -- This is what I am using now. The EdgeRouter gets its IP address directly from the Spectrum modem, so it has the most direct connection.

There are instructions on setting this up from the CLI at https://help.ui.com/hc/en-us/articles/204952234-EdgeRouter-Built-in-Dynamic-DNS

Currently my set up looks like this (I redacted the password of course). It still reports itself as bellman.wildsong.biz since that's what is referenced in my DNS entries as the way in to my home network.

Ignore information below on Debian and Mikrotik, that's historic now.

configure
show service dns dynamic
interface eth0 {
    service custom-cloudflare {
        host-name bellman.wildsong.biz
        login [email protected]
        options "zone=wildsong.biz ssl=yes"
        password LONGHASHEDPASSWORDHERE
        protocol cloudflare
        server www.cloudflare.com
    }
}
[edit]

Using Cloudflare

I set up my domain wildsong.biz on Cloudflare on 2017-08-21, as an experiment. It worked so well I abandoned HE.net, for now anyway. Sign up for Cloudflare and let them take care of not just content delivery but also providing DNS for you, for free.

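To get DDNS working with Cloudflare, get an API key from them.

Setting up Cloudflare: https://adamtheautomator.com/cloudflare-dynamic-dns/

Setting up EdgeRouter: https://help.ubnt.com/hc/en-us/articles/204976324-EdgeMAX-Custom-Dynamic-DNS-with-Cloudflare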

Debian set up (Bellman as a firewall)

At that time I was using Bellman as my firewall so I ran ddclient there. This was the setup.

# We're directly connected to the router
use=if, if=eth1

daemon=3600                 # check every hour
syslog=yes                  # log update msgs to syslog
mail=root                   # mail all msgs to root
mail-failure=root           # mail failed update msgs to root
pid=/var/run/ddclient.pid   # record PID in file.
zone=wildsong.biz           # did not use to need this before Cloudflare

# CLOUDFLARE
ssl=yes
protocol=cloudflare
server=www.cloudflare.com
login=[email protected]
password=xxxxxx secret api key goes here xxxxxxxx

bellman.wildsong.biz

Run this to test; it will spew out information about what happens, and it should also send you an email reporting the outcome.

ddclient -daemon=0 -debug -verbose -noquiet
.
.
.
DEBUG:    get_ip: using if, eth1 reports 174.62.120.105
SUCCESS:  bellman.wildsong.biz: skipped: IP address was already set to 174.62.120.105.

Using Hurricane

HE.net part: Create a key. You have to create a key on the DNS server so that it will trust updates coming from the Debian server.

  1. Log into dns.he.net
  2. Go to the appropriate domain
  3. Click on the entry for the server (create one if it does not exist)
  4. Check the box "Enable entry for dynamic DNS". This will also clear the current IP address and set TTL to 5 minutes.
  5. Click Update.
  6. There will now be a "recycle" type icon for the entry. Click on it to either enter a key or generate a random key.

Debian: Install and configure a DDNS package.

sudo apt-get install ddclient

/etc/ddclient.conf

# /etc/ddclient.conf

protocol=dyndns2
use=cmd

# Read ip address from Mikrotik
cmd=/usr/local/sbin/get_ip.py

server=dyn.dns.he.net
login=bellman.wildsong.biz
password='eOYop3nMoEaT4a4U'

daemon=3600                 # check every hour
syslog=yes                  # log update msgs to syslog
mail=root                   # mail all msgs to root
mail-failure=root           # mail failed update msgs to root
pid=/var/run/ddclient.pid   # record PID in file.

bellman.wildsong.biz

Getting the outside IP address

/usr/local/sbin/get_ip.py contains

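#!/usr/bin/env python3
#
#   Read our outside IP address from the Mikrotik router.
#
import re
import subprocess
import sys

args = ['ssh', '[email protected]', '/ip address print']
# Row 1 with the D flag is the line this script takes the outside address from.
re_ip = re.compile(r'^ 1 D ([\d\.]+)')
# text=True returns str rather than bytes, so the output can be split on '\n'.
p = subprocess.check_output(args, text=True)
for line in p.split('\n'):
    mo = re_ip.search(line)
    if mo:
        print(mo.group(1))
        sys.exit(0)
# No matching row: exit non-zero so ddclient does not get an address.
sys.exit(1)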

This script relies on an account with an SSH key pair so that it can run commands on the router without requiring a password.
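
A variant of the parsing step that goes beyond the script above (an added example, not part of the original page): instead of assuming the WAN address is always row 1, it scans every dynamic (D) row and accepts only a globally routable IPv4 address, so a private or carrier-grade NAT address is never handed to ddclient. The router output in SAMPLE is constructed, reusing the address from the ddclient log above, and `pick_public_ip` is a hypothetical helper name.

```python
#!/usr/bin/env python3
"""Pick the public WAN address out of Mikrotik '/ip address print' output."""
import ipaddress
import re
import sys

# Constructed sample of the router's output (not captured from a real device).
SAMPLE = """\
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.88.1/24    192.168.88.0    bridge
 1 D 174.62.120.105/22  174.62.120.0    ether1
"""

# A numbered row: index, optional flag letters, then ADDRESS/prefix.
ROW = re.compile(r'^\s*\d+\s+([XID]*)\s*(\d{1,3}(?:\.\d{1,3}){3})/\d{1,2}\b')


def pick_public_ip(output):
    """Return the first dynamic, enabled, globally routable IPv4 address, or None."""
    for line in output.splitlines():
        mo = ROW.match(line)
        if not mo:
            continue
        flags, text = mo.groups()
        if 'D' not in flags or 'X' in flags or 'I' in flags:
            continue            # static, disabled or invalid entry
        try:
            addr = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            continue            # e.g. an octet above 255
        if addr.is_global:      # rejects RFC 1918, CGNAT, loopback, link-local
            return str(addr)
    return None


if __name__ == '__main__':
    # Pipe the router's output in on stdin; with no pipe, run on the sample.
    ip = pick_public_ip(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    if ip is None:
        sys.exit(1)             # non-zero: ddclient gets no address to publish
    print(ip)
```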

Mikrotik "/IP/Cloud" Service

This uses DDNS to talk to a service hosted by Mikrotik; we don't need it right now.