net/ddns-scripts: add API-based registered IP verification for Cloudflare proxied records #28185
+196
−131
Description:
This patch introduces optional API-based verification of registered IPs for Cloudflare services, addressing inaccuracies in DNS lookups for proxied (orange cloud) records. It prevents unnecessary updates by fetching the origin IP directly via the Cloudflare API v4.
Problem Addressed:
The standard DDNS scripts rely on DNS lookups (e.g., via nslookup or host) to verify registered IPs. For providers like Cloudflare with proxied records (orange cloud enabled), this returns the provider's edge IP instead of the origin server's IP, leading to incorrect comparisons, unnecessary update attempts, and potential rate limiting. Workarounds like dummy subdomains or CNAMEs are cumbersome.
Solution Overview:
This PR adds optional API-based verification for Cloudflare, fetching the record's "content" (origin IP) directly. It is enabled via a new UCI option use_api_check '1' in /etc/config/ddns sections with service_name 'cloudflare.com-v4'. The implementation reuses existing authentication (username/password as API credentials) and handles IPv4/IPv6, retries, and errors consistently with the DNS fallback.
Detailed Changes:
dynamic_dns_functions.sh:
use_api_check=0 if unset.
get_registered_ip() with Cloudflare API logic: Sets up curl with headers, fetches zone/record IDs (supporting optional param_opt for pre-defined IDs), retrieves the IP content, and integrates with existing retry loop.
$domain for accurate zone queries with subdomains.
use_api_check=0 or for other providers.
dynamic_dns_updater.sh:
use_api_check.
update_cloudflare_com_v4.sh:
get_registered_ip(). Assumes update is needed when called.
dynamic_dns_lucihelper.sh:
-a (enables use_api_check=1), ensuring compatibility with LUCI-based testing.
No changes to package dependencies (relies on existing curl and jsonfilter). The patch is modular and tested for no impact on non-Cloudflare services.
Testing Performed:
use_api_check; verified DNS fallback works for Cloudflare and other providers (e.g., No-IP).
make package/ddns-scripts/check V=s passes; no compilation errors.
All added functionality operates correctly, with accurate IP detection and no unwarranted updates.
References:
This enhances usability for Cloudflare users without affecting existing setups. Feedback welcome.
📦 Package Details
Christian Schoenebeck @chris5560
Florian Eckert @feckert
🧪 Run Testing Details
✅ Formalities
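The comparison step the description outlines, as an added example that is not the PR's code: it reads the record's "content" from a Cloudflare API v4 reply, validates it, and decides whether an update is needed. The function names, the sed fallback for hosts without jsonfilter, and both sample replies are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the PR's code). Both replies are constructed samples shaped
# like Cloudflare API v4 "list DNS records" responses; the record ID is a placeholder.
SAMPLE_OK='{"success":true,"errors":[],"result":[{"id":"RECORD_ID_PLACEHOLDER","type":"A","name":"home.example.com","content":"203.0.113.10","proxied":true}]}'
SAMPLE_ERR='{"success":false,"errors":[{"code":10000,"message":"Authentication error"}],"result":null}'

# Read one scalar from the reply: jsonfilter on OpenWrt, otherwise a sed
# fallback that is only adequate for flat single-record replies like the samples.
json_get() { # $1=json $2=key (success|content)
	if command -v jsonfilter >/dev/null 2>&1; then
		case "$2" in
			success) jsonfilter -s "$1" -e '@.success' ;;
			*) jsonfilter -s "$1" -e "@.result[0].$2" ;;
		esac
	else
		printf '%s' "$1" | sed -n "s/.*\"$2\":\"\{0,1\}\([^\",}]*\).*/\1/p"
	fi
}

# Accept only a dotted quad with four octets <= 255; the API value is untrusted input.
is_ipv4() {
	case "$1" in
		''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
	esac
	old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
	[ $# -eq 4 ] || return 1
	for octet in "$@"; do [ "$octet" -le 255 ] 2>/dev/null || return 1; done
}

# Print the registered origin IP, or return 1 so the caller falls back to DNS.
registered_ip_from_api() { # $1=json
	[ "$(json_get "$1" success)" = "true" ] || return 1
	ip=$(json_get "$1" content) || return 1
	is_ipv4 "$ip" || return 1
	printf '%s\n' "$ip"
}

# 0 = update needed, 1 = record already current, 2 = API reply unusable
update_needed() { # $1=local_ip $2=json
	reg=$(registered_ip_from_api "$2") || return 2
	[ "$reg" != "$1" ]
}

# A DNS lookup of a proxied name yields an edge address, so it never equals the
# local IP; the API "content" field does when nothing has changed.
if update_needed 198.51.100.7 "$SAMPLE_OK"; then echo "update needed"; fi
```

Return code 2 is kept distinct from "already current" so a failed or malformed API reply is never mistaken for a matching record.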