[HN Gopher] Free DDNS with Cloudflare and a cronjob
___________________________________________________________________
Free DDNS with Cloudflare and a cronjob
Author : aesopsfable
Score : 187 points
Date : 2024-07-26 20:07 UTC (1 days ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| aesopsfable wrote:
| If you too are tired of relying on outdated software from paid
| services like NoIP and DynDNS, and are in need of a reliable way
| to manage your home server with your own domain name, try this
| simple script with a free Cloudflare account. It just gets the
| job done...
| netsharc wrote:
| > restart cronjobs
|
| >
|
| > sudo systemctl restart cron
|
| Hello author, there's no need to restart cron, crontab -e
| applies changes automatically on exit. And the daemon is called
| "cron", not "cronjobs".
| ocdtrekkie wrote:
| This is a pretty nice option for Cloudflare domains. An
| alternative I use is DomainConnect, which provides free DDNS but
| the main backer of it is GoDaddy so I had to leave the domain I
| use it with registered there.
| rahimnathwani wrote:
| I would have thought that most people who need this today (e.g.
| those who were using Google Domains DDNS) already have ddclient
| installed.
|
| ddclient already works with Cloudflare:
| https://developers.cloudflare.com/dns/manage-dns-records/how...
| kissgyorgy wrote:
| I built the exact same thing 5 years ago and I'm using it daily
| since then. I never have any problems with it. You don't need a
| config file for it, just a couple of CLI options and you are good
| to go. You can install it with pip, docker or downloading a
| binary:
|
| https://github.com/kissgyorgy/cloudflare-dyndns
| indigodaddy wrote:
| You're the redbean-docker guy!
| AndreasBackx wrote:
| I guess this is something people have to make? I wrote one 6
| years ago in Golang and rewrote it in Rust last year. I have
| stopped using it, but I had them running for 6 years without
| issues.
|
| https://github.com/AndreasBackx/update-dns
| codetrotter wrote:
| Seems to rely on https://api.ipify.org/ to determine public IP.
|
| Is there any Cloudflare service one can use to determine the IP
| instead? That way there's not an extra company in addition to
| Cloudflare itself that you need to continue existing.
| teamspirit wrote:
| https://www.cloudflare.com/cdn-cgi/trace will return your ip.
| mxuribe wrote:
| The (above) shared url leveraging the cloudflare.com domain
| name seems to show ip v6 address, while I've noticed that the
| following defaults to showing ip v4 address:
| https://1.1.1.1/cdn-cgi/trace
|
| Pick your poison as you wish - either is great! :-)
| codetrotter wrote:
| I'd pick the one that supports IPv6 and then make two
| separate requests to it. One request over IPv4 and one over
| IPv6.
|
|     curl -4 https://www.cloudflare.com/cdn-cgi/trace
|     curl -6 https://www.cloudflare.com/cdn-cgi/trace
|
| Also the reason that the 1.1.1.1 one shows only IPv4
| address is because 1.1.1.1 is itself an IPv4 address. So
| any connection to it will have to be using IPv4.
| tcfhgj wrote:
| could you not retrieve your ipv6 directly from the
| system?
| codetrotter wrote:
| Yes, but getting it in a response from an external server
| means I don't have to be specific about which interface
| to get the IPv6 address of and so on.
| tcfhgj wrote:
| the same specific interface used to contact the external
| server
| wizzwizz4 wrote:
| i.e., an arbitrarily-selected interface capable of
| reaching Cloudflare.
| codetrotter wrote:
| Which is neatly abstracted away so you don't have to
| think about it unless you want to. And therefore reaching
| out to an external server and having it say where the
| request came from is the path of least resistance for a
| script that can work across different hosts with minimal
| machine specific configuration.
|
| Listen, if you want to check the IPv6 address from the
| interface list go ahead I'm not trying to stop you.
|
| But because I anyway need to reach a third party to know
| my own IPv4 address then yeah when that third party can
| also tell me IPv6 address _I'm gonna do it that way_.
| macote wrote:
| This is how I use it in my bash script:
|
|     current_ip=$(curl -s -X GET https://1.1.1.1/cdn-cgi/trace |
|       grep -Po "(?<=ip=)(.*)")
| networked wrote:
| I find awk more clear for this kind of job. You can replace
|
|     grep -Po "(?<=ip=)(.*)"
|
| with
|
|     awk -F= '$1 == "ip" { print $2 }'
| victorbjorklund wrote:
| You could do it with a cloudflare worker that just returns the
| ip address of the request
| victorbjorklund wrote:
| Nevermind. The other answer is better
| gothink wrote:
| I feel like it's worth mentioning icanhazip.com [0] as well,
| since it's now run by Cloudflare [1]. Until recently switching
| to a custom CF worker, that's been my go-to for ages.
|
| [0]: https://www.icanhazip.com/
| [1]: https://major.io/p/a-new-future-for-icanhazip/
| noname120 wrote:
| Does Cloudflare have a history of sunsetting products they've
| bought? Acquisitions by Google, Apple, Meta, etc. are yellow
| flags that the product may cease to exist soon. I wonder if
| Cloudflare has a better track record in that regard.
| godzillabrennus wrote:
| No one sunsets products like Google.
|
| I'm in the middle of transferring all my domains from
| Squarespace thanks to Google's sale of that business to that
| incredibly lousy vendor.
| CSSer wrote:
| Ugh, same. You're right. Nothing is safe at Google or
| even a safe bet with Google. Look at third-party cookies.
| I can't believe there isn't outrage in the streets over
| the fact that they beat that drum for four straight years
| and now they suddenly have a change of heart.
|
| At some point their rationale has to become irrelevant.
| It's simply unprofessional behavior.
| blooalien wrote:
| May I inquire who you're moving to, and where I might
| browse to in order to follow you away from Squarespace /
| Google Domains? :)
| pxx wrote:
| the correct answer I think is cloudflare? I'm a little
| wary of internet homogenization like this but I haven't
| the time to worry about this sort of thing for my spare
| one-off domains
| _0xdd wrote:
| This is how I ended up on Cloudflare. Burned by Google yet
| again.
| tomschlick wrote:
| Not that I'm aware of and this is likely now just a
| cloudflare worker that returns the IP they already have. I
| would imagine maintenance is basically zero as its feature
| complete.
| szundi wrote:
| True but there is no such thing as zero maintenance
| fullspectrumdev wrote:
| Kind of, you can use the CF CDN to grab an external IP by using
| any CF site.
|
| Example: https://www.fullspectrum.dev/a-less-suspect-way-to-
| get-exter...
| genewitch wrote:
| there's a way to tell caddy server to host its own access.log
|
| So you have some junk VPS or whatever that just has caddy
| hosting its log with an easy to remember domain (they're cheap
| enough), and you go like "curl
| http://easydomain.com/idreallylikemyip" and then once more:
| curl http://easydomain.com/N | grep "idreallylikemyip"
|
| the code that _used_ to work is on my github, i uploaded it
| there a week or two ago. Someone who needs a way to find out
| the public ipv4 of any device not just their own can probably
| figure out how to get it to work again!
| dathery wrote:
| You can have Caddy return the user's IP address directly:
| https://caddy.community/t/caddy-server-that-returns-only-
| ip-...
|
| Similar things are also possible with nginx and Apache.
| genewitch wrote:
| this was implemented in 2018, but it is good to know. it
| also doubled as a dumb way to pass messages between hosts.
| hirako2000 wrote:
| Nice idea, to note Cloudflare supports tunneling.
| thousand_nights wrote:
| Instead of using DDNS, I have been using Cloudflare tunnels to
| expose my home services to the internet. The setup is much
| simpler and it seems like it's more secure too
|
| You specify a port and point it to a subdomain and it just
| immediately works, no maintenance necessary. The daemon only
| needs to be installed once with a simple terminal command
| noname120 wrote:
| There are some limitations such as:
|
| - TLS termination mandatorily happens at Cloudflare (i.e. your
| traffic is mitm'ed). That's because this free product is meant
| as a gateway drug (aka a loss leader) to Cloudflare's WAF/Anti-
| DDOS products (which require TLS termination to happen on their
| side for technical reasons).
|
| - Other TCP protocols (including SSH) require every client to
| run the software too. So if you were thinking about bypassing
| the TLS termination restriction by creating a TCP tunnel
| instead of an HTTP(S) tunnel you can't.
|
| - Max 100 MB uploads for HTTP(S).
|
| - No media servers allowed.
|
| Otherwise it's a really good service!
| thousand_nights wrote:
| Some good points, thanks.
|
| FWIW, I have been using it with Plex (just two users, me and
| my parents) and haven't gotten banned. The ToS are kind of
| unclear on whether this is allowed if I have to be honest.
| jsheard wrote:
| Video streaming in general is one of their red lines,
| you're not supposed to shove any kind of video through
| their CDN unless the origin is another Cloudflare product
| (e.g. CF Stream or R2).
| thousand_nights wrote:
| From the discussions I've read, it's not as clear cut,
| e.g.:
|
| https://old.reddit.com/r/PleX/comments/152wfdh/can_i_use_
| a_c...
| jsheard wrote:
| It rarely is clear cut with Cloudflare, many of their
| policies are ambiguous so you never really know if you're
| stepping over the line until you get an email from sales
| asking you to either cut it out, start paying, or pay
| more. Others' experience might give you a rough idea of
| what they'll tolerate, but since none of it is in writing
| they can change their minds on a whim.
| gunapologist99 wrote:
| Agreed with sibling, but TBH if you're just using it for
| personal streaming, it's not likely to trip any bandwidth
| alerts on a free account, and CF will probably be happy
| that you're using it for personal stuff (because you'll
| probably take it with you to your day job too)
| password4321 wrote:
| Just don't show up on some motivated salesperson's
| prospects report.
|
| https://news.ycombinator.com/item?id=40481808#40482405
| 12345hn6789 wrote:
| FWIW that thread looks to be a casino being blacklisted
| after trying to negotiate down Cloudflare's enterprise
| plan.
| vladvasiliu wrote:
| > - TLS termination mandatorily happens at Cloudflare (i.e.
| your traffic is mitm'ed). That's because this free product is
| meant as a gateway drug (aka a loss leader) to Cloudflare's
| WAF/Anti-DDOS products (which require TLS termination to
| happen on their side for technical reasons).
|
| But on the flip side, this allows you to have a nice
| certificate on your outside connection without having to
| fiddle with letsencrypt or whathaveyou.
| KennyBlanken wrote:
| If someone finds LetsEncrypt challenging, they don't have
| sufficient network and system administrator skills to be
| running a private, public-facing web server. They should be
| running tailscale.
| janwillemb wrote:
| Parent did not say it was challenging.
|
| I find fiddling with LE tedious because it has to be
| repeated too often.
| slt2021 wrote:
| certbot and crontab need to be set up just once, to solve
| cert problem
| vladvasiliu wrote:
| Well, one of the "challenges" is the one in a different
| comment: most registrars don't allow fine-grained control
| over who can update what DNS records.
|
| _Can_ it be done? Sure. But do I want to spend money on
| this for my home lab if I can work around it? Not a
| chance.
|
| I'm kinda sensitive to the "MITM as a service" argument,
| but for my use case, it's not a problem.
| skinner927 wrote:
| You don't need automated DNS fiddling for lets encrypt.
| Certbot can either hook into Apache or NGINX, or run its
| own standalone server for verification.
| jsheard wrote:
| You do need DNS fiddling if you want a wildcard cert, LE
| only accepts DNS challenges for those.
| gunapologist99 wrote:
| Aside from sibling comment, you also need automated DNS
| fiddling if you want CloudFlare Strict TLS support,
| because if LE can only connect to CF proxy, it will never
| issue via HTTPS.
| jsheard wrote:
| You don't necessarily need to do that, Cloudflare can
| generate you a long-lived certificate to install on your
| origin server which isn't publicly trusted but is trusted
| by their proxies, so it works with Strict TLS. YMMV with
| other CDNs though, you might need to fall back to using
| LE with a DNS challenge in some cases.
|
| https://developers.cloudflare.com/ssl/origin-
| configuration/o...
| Arrowmaster wrote:
| Not true. I have a CF rule that matches
| .well-known/acme-challenge and sets SSL off. The main setting
| is on full strict but the rule disables the auto redirect
| to https and the strict checking so an acme client behind
| a CF tunnel can bootstrap a cert with the HTTP-01 method.
| kuschku wrote:
| > Well, one of the "challenges" is the one in a different
| comment: most registrars don't allow fine-grained control
| over who can update what DNS records.
|
| Afaik, every major registrar allows you to add an NS
| record for the _acme-challenge subdomain, allowing you to
| put the _acme-challenge subdomain on a custom, self-
| hosted DNS server.
|
| That in turn allows you to make the permissions as
| specific as you'd like. Personally I just run powerdns in
| docker for this.
| TheNewsIsHere wrote:
| Using CNAME delegation for the ACME challenge domain and
| directing that to a Route 53 zone is my preferred
| approach. Then (as long as you have CloudWatch
| configured) you get inherent auditing and very flexible
| privilege management.
| jgalt212 wrote:
| so public server via http only then?
| coda_ wrote:
| They do allow ssh via a web browser. It may be a "beta"
| feature, but it doesn't require the client to run anything.
| e12e wrote:
| Requires your client to run a web browser though? That's a
| lot different from just an ssh client?
| DreamFlasher wrote:
| At which point is the MITM happening? What I mean is: browser
| - Cloudflare server - cloudflared on my server - web service.
| Is TLS only from browser to Cloudflare server, or is it
| browser to cloudflared?
| 2Gkashmiri wrote:
| Do you get a cloudflare free subdomain or you need to supply
| your own ?
| starttoaster wrote:
| You need to have a domain that you manage DNS for in
| Cloudflare. Look up what a "registrar" is, a common one
| people go through would be Namecheap. Get a domain, and then
| look up how to set up a DNS zone in Cloudflare from an
| external registrar. If you plan on working in tech, this is
| one of those things you'll absolutely need experience with
| doing. Good luck!
|
| Though it occurs to me there may just be a language barrier
| and you may have a domain that you manage your DNS in
| Cloudflare already. If that's the case, a subdomain is just
| an A record under your domain's DNS settings for anything
| other than the root domain. So, if your domain is
| "example.com", the A record could be like "service" with an
| IP of "192.168.1.10", and your subdomain would then be served
| on "service.example.com" for example. Subdomains are free, if
| you have a domain in the first place.
|
| If you're asking if you would already need the subdomain
| configured in your DNS settings in Cloudflare, then yes, most
| likely. Though there are tools that create those for you,
| like external-dns in kubernetes.
| kazinator wrote:
| How can you claim it's simpler in the light of the revelations
| in noname120's comment?
|
| Dynamic DNS is literally one little service you run to "phone
| home" to the dynamic DNS provider. This service is bundled in
| consumer routers; just find it in the WebUI, put in the
| credentials and turn it on.
|
| You know what could be simple: a periodic job that figures out
| your public IP address, and if it has changed, generates a
| _hosts_ file entry for it, and e-mails it to you. If all you
| care about is just you having access to home while you are
| roaming about, that could do it. It also occurs to me that it
| makes a good backup strategy in case something goes wrong with
| DDNS while you are traveling.
| KennyBlanken wrote:
| Consumer firewalls, the largest names in open source
| firewalls, and at least one webserver/reverse proxy that I
| know of.
|
| There are also dozens of existing DDNS daemons out there already
| with far more developer, testing, and user eyeballs on them.
|
| The firewall solution is preferred because the firewall knows
| when the external interface changes IP addresses, so there's
| no system or network overhead from having an agent repeatedly
| testing if the IP has changed, nor any downtime between when
| the IP changes and when the next check happens.
| scosman wrote:
| I do the same with tailscale, which has a nice friendly UI for
| setting everything up.
|
| I setup some Cloudflare DNS records to the tail scale 100.x IPs
| to make them easy to remember.
| password4321 wrote:
| Some ISP DNS servers will not return internal IPs, Verizon
| FiOS and 172.x specifically.
| jthoward64 wrote:
| I use tailscale's DNS feature and run my own DNS server. That
| way I can have a subset of my services available on the
| internet via CF tunnels and when I connect to tailscale I get
| all of them directly, and I can use the same domain names
| briHass wrote:
| It's better to do a script on your router, which knows exactly
| when the ISP's DHCP changes. Mikrotik has an event to capture
| this, and *sense has built in scripts for various DDNS providers.
| tssva wrote:
| I used ddclient with Cloudflare for years with no issues.
|
| Recently upgraded my home router and the manufacturer operates a
| free dynamic dns service enabled with a toggle button. I have a
| cname record in my domain's dns records pointing to the dynamic
| dns entry. I actually don't even need that anymore. All the
| services I run at home are only for immediate family so only
| available remotely via a Wireguard vpn connection. I migrated
| that to the router also because it can do 900Mbs of Wireguard
| traffic and has a great vpn server management implementation. By
| default the client configs it generates points to the dynamic dns
| name. No real need for the cname but I have it out of habit.
| kukkamario wrote:
| Mikrotik at least has that DDNS functionality. It is really
| nice feature.
| tssva wrote:
| I didn't need all the features or complexity of a Mikrotik
| router so I went simpler. I have a GL.iNet MT-6000.
| Underneath it runs openwrt and you can access the openwrt
| luci web interface or ssh to it if you want to do anything
| more complex than their web ui allows. So far besides
| enabling sftp so certbot can deploy a ssl cert to replace the
| default self-signed cert I haven't needed to.
|
| It also runs AdGuard Home so that is another thing I have
| been able to remove from my home server.
| IgorPartola wrote:
| So does OPNsense. It's such a joy to use that whole OS.
| jms703 wrote:
| There are a lot of these on github. This one seems to be
| maintained well:
|
| https://github.com/zebradil/cloudflare-dynamic-dns
| Snawoot wrote:
| You can achieve the same on virtually any DNS hosting with
| RGAP[1]. The trick is to delegate name of your interest to server
| which runs RGAP DNS server and let it respond to queries for such
| domain name. Bonus: you can have more than one address running
| RGAP-agent and exporting its address to DNS.
|
| [1]: https://github.com/SenseUnit/rgap
| trallnag wrote:
| My internet router (Fritzbox) has DDNS built-in, so I just use
| the domain provided by the Fritzbox / AVM combined with DNAME
| records.
| efortis wrote:
| Since my IP hardly changes, I went from DDNS to an email
| notifying me when the IP changes with this cron:
|
|     old_ip=`cat ~/.prev_ip`
|     my_ip=`ifconfig em0 | awk '/inet/ {print $2}' 2>&1`
|     my_email=me@example.com
|     if [ "$my_ip" != "$old_ip" ]; then
|       echo $my_ip > ~/.prev_ip
|       echo $my_ip | mail -r $my_email -s "New IP: $my_ip" $my_email
|     fi
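
Added example, not part of any comment in this thread or of the linked project: the trace parsing (macote, networked) and the notify-on-change cron (efortis) combined into one POSIX sh script that validates the ip= value before it is cached or acted on, so an error page or captive-portal reply never ends up in the record. The function names, the state-file argument and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of a cdn-cgi/trace body (key=value lines); all values are made up.
SAMPLE_TRACE='h=www.cloudflare.com
ip=203.0.113.27
ts=1722110000.123
visit_scheme=https
uag=curl/8.5.0
tls=TLSv1.3'

# Read a trace body on stdin and print the value of the first ip= line.
trace_ip() {
    awk -F= '$1 == "ip" { print $2; exit }'
}

# Succeed only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    (
        IFS=.
        set -- $1                      # split on dots (digits and dots only here)
        [ $# -eq 4 ] || exit 1
        for octet in "$@"; do
            [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Loose syntactic check for IPv6: hex digits and colons only, at least two
# colons, no ":::", at most 39 characters. Not a full RFC 4291 parser.
is_ipv6() {
    case $1 in
        ''|*[!0-9A-Fa-f:]*|*:::*) return 1 ;;
        *:*:*) [ ${#1} -le 39 ] ;;
        *) return 1 ;;
    esac
}

# Read a trace body on stdin; $1 is the state file with the last accepted IP.
# Prints "changed <ip>", "unchanged <ip>" or "rejected". Only "changed"
# should trigger a DNS update or a notification mail.
check_ip() {
    state_file=$1
    new_ip=$(trace_ip)
    if ! is_ipv4 "$new_ip" && ! is_ipv6 "$new_ip"; then
        echo rejected                  # leave the state file untouched
        return 1
    fi
    old_ip=
    [ -r "$state_file" ] && old_ip=$(cat "$state_file")
    if [ "$new_ip" = "$old_ip" ]; then
        echo "unchanged $new_ip"
    else
        (umask 077; printf '%s\n' "$new_ip" > "$state_file")
        echo "changed $new_ip"
    fi
}

# Demo on the constructed sample. A real run would pipe in
#   curl -s -4 https://www.cloudflare.com/cdn-cgi/trace
state=$(mktemp)
printf '%s\n' "$SAMPLE_TRACE" | check_ip "$state"   # prints: changed 203.0.113.27
printf '%s\n' "$SAMPLE_TRACE" | check_ip "$state"   # prints: unchanged 203.0.113.27
rm -f "$state"
```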
| WarOnPrivacy wrote:
| > Since my IP hardly changes...
|
| Same. Our wireline ISPs used to issue new public IPs every 1-12
| weeks. Now it's more like 6 mos to never.
|
| I'm thinking this is due to pressure from IPv4 exhaustion and
| the rise of easy DDNS. There's also an overall shift - from
| using tech to protect profit-generating services to using
| lobbyists.
|
| To share an anecdote from the before times: I was once trying
| to setup a VPN endpoint on a client's DSL connection. Every
| time I initiated the connection, their public IP would change.
| The lease renewal was fairly quick and I could trigger 5
| changes a minute.
| stkdump wrote:
| For me it changes reliably on every reconnect, but there are
| no forced reconnects, and I now have my router not restarting
| basically ever since I am on openwrt and am done with setting
| everything up.
| WarOnPrivacy wrote:
| > For me it changes reliably on every reconnect,
|
| What kind of reconnect?
| tcfhgj wrote:
| router to provider network
| kurokawad wrote:
| Very cool! For anyone interested in a bash script instead of
| installing a Python runtime, I made this tool some time ago for
| the same purpose: https://github.com/ddries/d2c.sh
| candiddevmike wrote:
| If only this didn't require an API token with write access to the
| entire domain. Please Cloudflare, let us grant access to specific
| (or regexp!) records
| vladvasiliu wrote:
| Last I checked AWS has the same limitation. One workaround is
| creating a separate sub-zone and giving access only to that to
| whatever you need. But for a "cheap homelab" solution, that's
| gonna cost you a bit more per month.
| yuvadam wrote:
| This kind of script should ideally run on your main router, and
| openwrt already has support for Cloudflare DDNS [1]
|
| [1] - https://openwrt.org/packages/pkgdata/ddns-scripts-cloudflare
| js2 wrote:
| If for some reason your DDNS client supports dyndns but not
| Cloudflare (e.g. UniFi OS), you can use this Cloudflare Worker as
| an adapter:
|
| https://github.com/willswire/unifi-ddns
| _0xdd wrote:
| I did something similar with `curl` and `sh` about a year ago,
| when the version of `ddclient` on OpenBSD didn't properly support
| Cloudflare.
| pdntspa wrote:
| Nothing that afraid.org hasn't been doing for years at this
| point....
|
| Which got me into a 4-year exploration of FreeBSD! I'm still a
| bit sad I had to replace it with Proxmox on Debian to get what I
| wanted.
| ttul wrote:
| I've been favoring Tailscale lately for establishing magical
| access to machines at home. Because it permits two-factor
| authentication based on Google and other systems, it seems more
| secure than just having things exposed via public IP. That being
| said I definitely appreciate that being really on the internet
| has its uses!
| blfr wrote:
| I wanted to do this a long time ago but I wouldn't trust my
| router with a Cloudflare API key. Paranoid or is there a way to
| limit that key to one domain or, even better, one DNS entry?
| nrabulinski wrote:
| Yes you can generate a key which, for example, only allows you
| to edit DNS of a specific domain
| eat_veggies wrote:
| As the other commenter says, you can get pretty granular with
| the permissions. If you want to go even further, you can build
| a Cloudflare Worker that performs exactly the request that you
| want to do, and nothing else. Then you can configure your
| router to hit _that_ instead of the API directly.
| slt2021 wrote:
| you can setup the job on your trusted machine behind the
| router, could be raspberry pi or your desktop
| kazinator wrote:
| "Yeah, but"; do I want to be putting up impossible-to-solve
| captcha loops in people's faces? Can you do this in a way that
| people who know your domain can go directly to your actual IP
| address, rather than a Cloudfare proxy?
| arrty88 wrote:
| I did the same, with Linode dns and their api
| ahmetozer wrote:
| curl dns.he.net -H someauthheader
|
| Second recommendation, instead of https://api.ipify.org/
| https://cloudflare.com/cdn-cgi/tracert is my preference always
|
| Thirdly, why does such a basic thing get that many upvotes? Hnews
| turns into tiktok for sde
| KennyBlanken wrote:
| Well, these days SDE means "don't bother properly engineering
| your software, just throw away the entire system environment
| and re-make it!" aka containers, so...
| clwg wrote:
| A bit of a tangent, but something like PowerDNS authoritative
| server comes with an API[0] that can be leveraged for similar
| functionality to what Cloudflare provides.
|
| Decentralization of the internet has to start with Authoritative
| DNS. I know it's not free to host an authoritative server like
| this on a VPS, and there are DDoS considerations. But the flip
| side is that DNS is a metadata protocol and contains a wealth of
| information that anybody privacy focused should think twice
| about. It's also an incredibly powerful and important protocol to
| understand.
|
| [0] https://doc.powerdns.com/authoritative/http-api/index.html
| remram wrote:
| If you're privacy-focused, you should run your own recursive
| resolver. Running your own authoritative server doesn't help
| much with privacy if clients still go through centralized
| recursive resolvers to query your domain.
| clwg wrote:
| You should run both.
|
| Consider Cloudflare (and large scale infrastructure providers
| like TLD operators) point of view on the traffic: If your
| private resolver is using root hints, its IP is now
| correlated with the lookup of that domain even if they don't
| proxy the website. That's you and your users, and they can do
| that at scale - So it's important to point queries for your
| assets directly to your authoritative servers or rewrite
| inline without ever querying an internet source.
|
| dnsdist[0] (also PowerDNS) allows you to load balance and
| apply rules across upstream resolvers which opens up a lot of
| possibilities on the recursive side.
|
| Trusted resolvers with a healthy number of users originating
| iterative queries from non-descript and changing IP's is
| probably the best way to anonymize your recursive traffic.
|
| [0] https://dnsdist.org/
| rglullis wrote:
| 66 comments and no mention of inadyn?
|
| https://github.com/troglobit/inadyn
| dethos wrote:
| Some time ago, I built a similar project:
| https://github.com/dethos/worker-ddns
|
| The main difference is that, for security reasons, it uses a
| "Cloudflare worker" to change the DNS record.
|
| > Since Cloudflare API Token permissions aren't granular enough
| to limit the token access to a single DNS record, we place a
| worker in front of it (this way the token with extra privileges
| never leaves cloudflare's servers).
|
| It works very well, no complaints until now.
| politelemon wrote:
| Similar project which runs in Docker:
|
| https://github.com/favonia/cloudflare-ddns
|
| It's cache friendly and respectful of rate limits
| theduality wrote:
| I have been using this for a couple of years, ticking away on
| an RPi. Works perfectly.
| fastily wrote:
| Nice, there seem to be a lot of these! I personally use
| https://github.com/qdm12/ddns-updater, it's from the creator of
| gluetun
| gavinsyancey wrote:
| This is the script I use for this:
| https://github.com/g-rocket/cloudflare-ddns-updater
| wiradikusuma wrote:
| For those who depend on Cloudflare extensively and have some
| traffic, I have a question:
|
| I was researching whether it's worth it to switch my pet project
| to Cloudflare's various offerings (D2, Workers) instead of
| AWS/GCP, since Cloudflare has a very generous free tier.
|
| But from quick googling (I think it's Reddit), some people said
| Cloudflare uses bait-and-switch where at some point you will need
| certain features that are only available in enterprise plan or
| something, basically significant cost increase.
|
| Should I be concerned?
|
| EDIT: I want to make it clear that I'm talking about
| _significant_ cost increase, something that will catch many
| people by surprise.
| kbar13 wrote:
| it's only a bait and switch if you pay for something that they
| then pull out from under you. this is just called a free trial
| judge2020 wrote:
| > But from quick googling (I think it's Reddit), some people
| said Cloudflare uses bait-and-switch where at some point you
| will need certain features that are only available in
| enterprise plan or something, basically significant cost
| increase.
|
| Cloudflare is only "free" for hosting websites; doing something
| like hosting just images or binary data and pushing hundreds of
| gigabytes or terabytes a month is likely to get your domain
| dropped from Cloudflare [0]. However, they do allow these non-
| website use cases (like hosting binary files, tons of images,
| etc) when using their third party products like R2 and/or
| Workers.
|
| But, even with those stipulation, they do have a somewhat
| _dubious_ sales tactic where, if you're pushing a lot of data,
| they:
|
| - send you an email saying "you're using a lot of data"
|
| - Have a line threatening you to "pay us to safeguard your
| website from potential suspension or restricted access"
|
| - If you don't pay, you're in limbo on whether or not you're
| actually violating T&S and should make plans for being dropped
| by CF
|
| Going over X0 TB/mo seems to be the threshold for getting put
| in this sales funnel, based on the few instances i've seen, but
| I can't confirm it. In some of these cases, the accounts
| survived, and in others they were dropped, so this isn't always
| a death sentence.
|
| I would be incredibly grateful if Matthew Prince / eastdakota
| commented on this sales tactic, because it's obvious that some
| sales EVP at some point in time said "When Trust & Safety flags
| a customer for bandwidth reasons, we need to try to upsell them
| before T&S can review and make a determination for the
| account", which seems incredibly bad manners with how often CF
| speaks about their anti-"bandwidth rent seeking" philosophy[1].
|
| 0: https://community.cloudflare.com/t/the-way-you-handle-
| bandwi...
|
| 1: https://blog.cloudflare.com/aws-egregious-egress
| ruskyhacker wrote:
| Weird, this project is very similar to this one
| https://github.com/zackoch/easy_cloudflare_dns_updater/tree/...
| Did OP kang my project?
| BikiniPrince wrote:
| A dhcp lease hook is also useful to keep up with changes
| instantly.
| ruskyhacker wrote:
| I feel ripped off! (kidding, this is commonly "reinvented" by
| many. Here's my Cloudflare and Google DNS ones:
| https://github.com/zackoch/easy_cloudflare_dns_updater/tree/...
|
| https://github.com/zackoch/easy-dynamic-google-cloud-dns
| joecool1029 wrote:
| I use cloudflare with ddclient for a raspberry pi weather station
| on t-mobile (a regular line, not TMHI). This allows me to view it
| anywhere.
|
| It just sets the AAAA every 5 minutes via cloudflare's API and
| their CDN proxies it automatically for the ipv4 only clients. I
| leave the A record blank.
|
| EDIT: Has to be this way because ipv4 is behind CGNAT on their
| network where ipv6 is fully routed public addresses. The home
| internet product is setup differently and you can't host stuff on
| it.
| russfink wrote:
| It feels like this trick would violate the terms of service...?
| Caveat: I don't use Cloudflare.
| FriendlyMike wrote:
| I used duckdns and have for years
| softfalcon wrote:
| I wrote one of these in C# years ago after seeing my friend write
| one in GoLang even more years ago.
|
| GoLang: https://github.com/wyattjoh/cloudflare-ddns
|
| C#: https://github.com/nick-funk/dyn-dns
|
| Mine is more barebones since I threw it together quickly in an
| afternoon. I feel like many a HomeLab person fighting their ISP
| is taking advantage of this Cloudflare API trick
| max-ibel wrote:
| Did anyone here set up a good rsyslogd configuration where
| the receiving syslog collector limits incoming logs to only known
| ddns machines ?
|
| I think I may be able to stitch something together with
| periodically reconfigured packet filters, but I'd appreciate an
| existing solution.
|
| Bonus points if running on freebsd.
| djbusby wrote:
| Put a filter on syslog-ng, IIRC that runs on the BSDs
| alanfranz wrote:
| Psa: https://freedns.afraid.org/ still works and it's free.
| shepherdjerred wrote:
| I've used this project which provides a Docker container:
| https://github.com/timothymiller/cloudflare-ddns
___________________________________________________________________
(page generated 2024-07-27 23:04 UTC)