This project is based on my PHP version of the agent: https://github.com/mrikirill/SynologyDDNSCloudflareMultidomain
Documentation website: https://mrikirill.github.io/KTSynologyDDNSCloudflareMultidomain/
The idea of this project is to provide a native agent for Synology DSM and SRM devices (read SRM support first) to update Cloudflare DNS records without requiring any dependencies.
This project is based on the original PHP version of the agent but is written in Kotlin Native and does not require the JVM. The agent is a standalone executable file that doesn't rely on system dependencies, which is the main difference from the PHP version. Additionally, it includes unit tests covering the main logic of the agent.
- What this native agent does
- SRM Support
- Build the agent locally
- Before you start
- How to install
- Troubleshooting and known issues
- Default Cloudflare ports
- Debug script
- Output messages
- Credits
- Support this project
- Works as a standalone executable file.
- Functionality remains consistent with the PHP version of the agent.
- Designed for Synology DSM and Synology SRM devices to integrate Cloudflare support into
Network Centre > Dynamic DNS (DDNS)
. - Supports single domains, multidomains, subdomains, regional domains, or any combination etc (e.g., dev.my.domain.com.au, domain.com.uk, etc.).
- Simple installation process.
- Based on CloudFlare API v4
- Use ipify.org to detect IPv6
- Compatible with both IPv4 and IPv6 dual stack.
SRM-based devices use the Linux Arm64 architecture. The agent has a build target for Linux Arm64 and should work on SRM devices. However, it needs to be built locally and tested on SRM devices. Currently, it has not been tested on SRM devices, and there is no established build process for Linux Arm64.
-
Kotlin Native Documentation here
-
Clone the repository
-
Run the following command to build the agent
./gradlew build
Note: cause the agent includes the Ktor Client Curl Engine it requires extra steps documented here
Before starting the installation process, make sure you have (and know) the following information, or have completed these steps:
-
Cloudflare credentials:
a. Know your Cloudflare account username (or register for an account if you're new to Cloudflare); and
b. Have your API key - no need to use your Global API key! (More info: API keys).
c. Create a API key with following (3) permissions:
Zone > Zone.Settings > Read
Zone > Zone > Read
Zone > DNS > EditThe affected zone ressouces have to be (at least):
Include > All zones from an account >
<domain>
-
DNS settings:
Ensure the DNS A record(s) for the domain/zone(s) you wish to update with this script have been created (More information: Managing DNS records).
Your DNS records should appear (or already be setup as follows) in Cloudflare:
(Note: Having Proxied turned on for your A records isn't necessary, but it will prevent those snooping around from easily finding out your current IP address)
-
SSH access to your Synology device:
If you haven't setup this access, see the following Synology Knowledge Base article: [How can I sign in to DSM/SRM with root privilege via SSH?[(https://kb.synology.com/en-id/DSM/tutorial/How_to_login_to_DSM_with_root_permission_via_SSH_Telnet)
-
SSH with sudo on your supported device:
a. For DSM Users:
Navigate to Control Panel > Terminal & SNMP > Enable SSH service
b. For SRM users:
Navigate to Control Panel > Services > System Services > Terminal > Enable SSH service
-
Connect via SSH: Connect to your supported device via SSH and run this command:
wget https://raw.githubusercontent.com/mrikirill/KTSynologyDDNSCloudflareMultidomain/master/install.sh -O install.sh && sudo bash install.sh
-
Update your DDNS settings:
a. For DSM Users: Navigate to Control Panel > External Access > DDNS then add new DDNS
b. For SRM users: Navigate to Network Centre > Internet > QuickConnect & DDNS > DDNS and press the Add button:
Add/Update the DDNS settings screen as follows:
-
Service provider: Select Cloudflare
-
Hostname: this field is not used anymore, you can put any value here
-
Username: For a single domain: mydomain.com For multiple domains: subdomain.mydomain.com|vpn.mydomain.com (ensure each domain is separated:
|
)Note: there is 256 symbols limit on Hostname input
-
Password: Your created Cloudflare API Key
Finally, press the test connection button to confirm all information is correctly entered, before pressing Ok to save and confirm your details.
-
-
Enjoy 🍺 and don't forget to deactivate SSH (step 1) if you don't need it.
CloudFlare API doesn't support domains with a .cf, .ga, .gq, .ml, or .tk TLD (top-level domain)
For more details read here: mrikirill/SynologyDDNSCloudflareMultidomain#28 and https://community.cloudflare.com/t/unable-to-update-ddns-using-api-for-some-tlds/167228/61
Response example:
{
"result": null,
"success": false,
"errors": [
{
"code": 1038,
"message": "You cannot use this API for domains with a .cf, .ga, .gq, .ml, or .tk TLD (top-level domain). To configure the DNS settings for this domain, use the Cloudflare Dashboard."
}
],
"messages": []
}
This will manifest as either 1020 error; or the update attempt not showing in your Cloudflare Audit logs.
That generally means you may not have entered something correctly in the DDNS screen for your domain(s).
Revisit Before you begin to ensure you have all the right information, then go back to Step 4 in How to install to make sure everything is correctly entered.
Handy hint: You can also check your Cloudflare Audit logs to see what - if anything - has made it there with your API key (More information: Understanding Cloudflare Audit Logs). Updates using the API will appear in the Audit logs as a Rec Set action.
If this occurs, simply repeat the How to install steps shown above.
Source Identifying network ports compatible with Cloudflare's proxy
HTTP ports supported by Cloudflare | HTTPS ports supported by Cloudflare |
---|---|
80 | 443 |
8080 | 2053 |
8880 | 2083 |
2052 | 2087 |
2082 | 2096 |
2086 | 8443 |
2095 |
You can run this script directly to see output logs
-
SSH into your Synology system
-
Run this command:
./KTSynologyDDNSCloudflareMultidomain.kexe "domain1.com|vpn.domain2.com" "your-Cloudflare-token" "any" "1.2.3.4 - ipv4 address"
- Check output logs
From /etc.defaults/ddns_provider.conf
:
When you write your own module, you can use the following words to tell user what happen by print it. You can use your own message, but there is no multiple-language support.
good
- Update successfully.
nochg
- Update successfully but the IP address have not changed.
nohost
- The hostname specified does not exist in this user account.
abuse
- The hostname specified is blocked for update abuse.
notfqdn
- The hostname specified is not a fully-qualified domain name.
badauth
- Authenticate failed.
911
- There is a problem or scheduled maintenance on provider side
badagent
- The user agent sent bad request(like HTTP method/parameters is not permitted)
badresolv
- Failed to connect to because failed to resolve provider address.
badconn
- Failed to connect to provider because connection timeout.