Prerequisites
- A domain that is managed by Cloudflare.
- A router by Ubiquiti (for example the UniFi Dream Machine or the UniFi Security Gateway).
- A device running the UniFi Network Management Controller. You can either use something like the UniFi Cloud Key which is a small computer is being sold by Ubiquti and runs the Network Management Controller for you or follow this guide to set up your own UniFi Network Controller on your already existing hardware.
The following tools are only needed if you are using something like the UniFi Cloud Key
- A SSH Client (for example Putty if you are using Windows)
- A FTP Client (for example FileZilla if you are using Windows)
Getting Started
First you need to get a Global API Key from Cloudflare. For that you need to open this page and click on "Change" first to regenerate your API Key and afterwards on "View"
Now you need to add a DNS A record to your domain that is pointing to 127.0.0.1
After creating your DNS record you need to create a config.gateway.json file with the following content:
{
"service": {
"dns": {
"dynamic": {
"interface": {
"<The network interface that is facing the internt. For me it's eth0, but could be different for you>": {
"service": {
"cloudflare": {
"host-name": [
"<The name of the previous created A record. subdomain.example.org for example>"
],
"login": "<Your Cloudflare E-Mail address>",
"options": [
"zone=<Your domain. example.org for example>"
],
"password": "<Your Cloudflare API Key>",
"protocol": "cloudflare",
"server": "api.cloudflare.com/client/v4"
}
},
"web": "dyndns"
}
}
}
}
}
}
You need to replace the placeholders with your own data. To get the interface that you are using you need to SSH into your router and enter ip addr to see the network interfaces of your router.
Now you ned to copy the file to the <unifi_base>data/sites/default directory. The <unifi_base> path is different for each platform:
- UniFi Cloud Key: /usr/lib/unifi
- Debian/Ubuntu Linux: /usr/lib/unifi
- Windows: %userprofile%/Ubiquiti UniFi.
- macOS: ~/Library/Application Support/UniFi
(Source)
Aftwards you need to update the old version of ddclient on your Unifi router:
- First you need to connect to the router via SSH. If you don't know how to connect to your router via SSH take a look at this article from Ubiquiti
- Now you need to make a copy of your existing ddclient:
sudo cp usr/sbin/ddclient /usr/sbin/ddclient.bak
- The only thing left to do is to update ddclient to the new version provided by Ubiquti:
curl -O ttps://dl.ubnt.com/firmwares/edgemax/afomins/ddlient-with-cloudflare-v4-api-support-000/ddclient && sudo chmod +x ddclient && sudo mv ddclient /usr/sbin/ddclient
(Source)
This is only a temporary workaround. You are going to need to upgrade the ddclient everytime you upgrade the firmware of your router.
The final step is to force provision your router with the new config. To force provision your router you first need to go to the clients list in your UniFi Network Controller
and open the property panel with a click on your router. Now you need to open the settings of your router in the opened side panel
go to the Manage Device section and click on Provision
Checking the result
To check if your dynamic DNS is working open a command line and enter nslookup <DNS A Record> 8.8.8.8> to check the IP address that is being reported to Cloudflare by the Ubiquti router
> nslookup <DNS A Record> 8.8.8.8
Server: dns.google
Address: 8.8.8.8
Nicht autorisierende Antwort:
Name: subdomain.example.org
Address: XXX.XXX.XXX.XXX
Troubleshooting
If the external IP address does not match your external IP you need to SSH into your router again and enter update dns dynamic interface eth0 to force an update of your dynamic dns record and show dns dynamic status after waiting a few seconds to see the current status of your dynamic dns:
> update dns dynamic interface eth0
> show dns dynamic status
interface : eth0
ip address : XXX.XXX.XXX.XXX
host-name : subdomain.example.org
last update : Fri Jul 1 12:00:00 2020
update-status: good