Using Cloudflare API and Shell Script for Dynamic DNS Updates

1. Obtain Cloudflare API Token

To use the Cloudflare API for DNS updates, you need to obtain an API token:

1. Log in to Cloudflare:
   • Go to your Cloudflare account.
   • Navigate to “My Profile” -> “API Tokens”.
2. Create an API Token:
   • Create a new API token using the “Edit Zone DNS” template.
   • Specify your domain name to limit access to DNS operations.

2. Install Required Tools

Ensure curl and jq are installed on your system. On OpenWrt, you can install them using:

opkg update
opkg install curl jq

3. Write the Shell Script (cf_ddns.sh)

Create a shell script that updates Cloudflare DNS records. Here’s an example script (cf_ddns.sh):

#!/bin/bash
# cf_ddns.sh

# Cloudflare API Token
API_TOKEN=""

# Zone ID and Record ID
ZONE_ID=""
RECORD_ID=""

# Domain name and Record type
RECORD_NAME=""
RECORD_TYPE="A"

# Get current public IP
IP=$(curl -s http://ipv4.icanhazip.com)
echo "Local IP: $IP"

# Get current DNS record IP and proxied status
RESPONSE=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json")
RECORD_IP=$(echo $RESPONSE | jq -r '.result.content')
PROXIED=$(echo $RESPONSE | jq -r '.result.proxied')

echo "DNS Record IP: $RECORD_IP"

# Update DNS record if IP addresses are different or if proxied status is false
if [ "$IP" != "$RECORD_IP" ] || [ "$PROXIED" = "false" ]; then
  curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID" \
    -H "Authorization: Bearer $API_TOKEN" \
    -H "Content-Type: application/json" \
    --data "{\"type\":\"$RECORD_TYPE\",\"name\":\"$RECORD_NAME\",\"content\":\"$IP\",\"ttl\":120,\"proxied\":true}"
fi

4. Initial Setup (run_once.sh)

Prepare a script (run_once.sh) to initialize and configure cf_ddns.sh:

#!/bin/bash
# run_once.sh

DOMAIN="example.com"
RECORD_NAME="sub.example.com"
API_TOKEN="your_cloudflare_api_token"
CERT_PEM="./example.com.pem"
CERT_KEY="./example.com.key"
SCRIPT2_PATH="./cf_ddns.sh"

echo "Getting Zone ID for domain: $DOMAIN"
ZONE_RESPONSE=$(curl --tlsv1.2 --cert $CERT_PEM --key $CERT_KEY -s -X GET "https://api.cloudflare.com/client/v4/zones?name=$DOMAIN" \
    -H "Authorization: Bearer $API_TOKEN" \
    -H "Content-Type: application/json")

echo "Zone response: $ZONE_RESPONSE"

ZONE_ID=$(echo $ZONE_RESPONSE | jq -r '.result[0].id')

if [ -z "$ZONE_ID" ] || [ "$ZONE_ID" == "null" ]; then
    echo "Failed to get Zone ID"
    exit 1
else
    echo "Zone ID: $ZONE_ID"
fi

echo "Getting Record ID for record: $RECORD_NAME"
RECORD_RESPONSE=$(curl --tlsv1.3 --cert $CERT_PEM --key $CERT_KEY -s -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records?name=$RECORD_NAME" \
    -H "Authorization: Bearer $API_TOKEN" \
    -H "Content-Type: application/json")

echo "Record response: $RECORD_RESPONSE"

RECORD_ID=$(echo $RECORD_RESPONSE | jq -r '.result[0].id')

if [ -z "$RECORD_ID" ] || [ "$RECORD_ID" == "null" ]; then
    echo "Failed to get Record ID"
    exit 1
else
    echo "Record ID: $RECORD_ID"
fi

echo "Updating ${SCRIPT2_PATH} with the obtained IDs and RECORD_NAME"

cp $SCRIPT2_PATH "${SCRIPT2_PATH}.bak"

sed -i "s|API_TOKEN=.*|API_TOKEN=\"$API_TOKEN\"|" $SCRIPT2_PATH
sed -i "s|ZONE_ID=.*|ZONE_ID=\"$ZONE_ID\"|" $SCRIPT2_PATH
sed -i "s|RECORD_ID=.*|RECORD_ID=\"$RECORD_ID\"|" $SCRIPT2_PATH
sed -i "s|RECORD_NAME=.*|RECORD_NAME=\"$RECORD_NAME\"|" $SCRIPT2_PATH

echo "${SCRIPT2_PATH} has been updated."

5. Configure a Cron Job

Schedule cf_ddns.sh to run periodically using cron:

1. Save the script: Save cf_ddns.sh to a location on your OpenWrt router, e.g., /root/update_ddns.sh.

2. Set execute permissions: Make the script executable:

   chmod +x /root/update_ddns.sh
   

3. Edit cron tab: Edit the cron tab to add a job:

   crontab -e
   

4. Add cron job: Add the following line to run the script every 5 minutes:

   */5 * * * * /root/update_ddns.sh
   

By following these steps, you can implement dynamic DNS updates on OpenWrt using the Cloudflare API. The script will automatically check the current IP address and update your Cloudflare DNS record at regular intervals, providing DDNS functionality.

Notes

• Security: Keep your API token (your_cloudflare_api_token) secure and avoid exposing it in public scripts or files.
• Logging: Monitor script execution and check logs (/var/log/syslog or specific script logs) for any errors or issues encountered.
• An important point: include geosite:cloudflare in the direct rules to ensure that pinging api.cloudflare.com is successful.