Skip to content

mrikirill/KTSynologyDDNSCloudflareMultidomain

Repository files navigation

Unit tests

Synology Dynamic DNS Native Agent for Cloudflare (Multidomains & Subdomains)

This project is based on my PHP version of the agent: https://github.com/mrikirill/SynologyDDNSCloudflareMultidomain

Documentation website: https://mrikirill.github.io/KTSynologyDDNSCloudflareMultidomain/

Sponsor

Why this project?

The idea of this project is to provide a native agent for Synology DSM and SRM devices (read SRM support first) to update Cloudflare DNS records without requiring any dependencies.

This project is based on the original PHP version of the agent but is written in Kotlin Native and does not require the JVM. The agent is a standalone executable file that doesn't rely on system dependencies, which is the main difference from the PHP version. Additionally, it includes unit tests covering the main logic of the agent.

Stack

Table of contents

What this native agent does

  • Works as a standalone executable file.
  • Functionality remains consistent with the PHP version of the agent.
  • Designed for Synology DSM and Synology SRM devices to integrate Cloudflare support into Network Centre > Dynamic DNS (DDNS).
  • Supports single domains, multidomains, subdomains, regional domains, or any combination etc (e.g., dev.my.domain.com.au, domain.com.uk, etc.).
  • Simple installation process.
  • Based on CloudFlare API v4
  • Use ipify.org to detect IPv6
  • Compatible with both IPv4 and IPv6 dual stack.

SRM Support

SRM-based devices use the Linux Arm64 architecture. The agent has a build target for Linux Arm64 and should work on SRM devices. However, it needs to be built locally and tested on SRM devices. Currently, it has not been tested on SRM devices, and there is no established build process for Linux Arm64.

Build the agent locally

  1. Kotlin Native Documentation here

  2. Clone the repository

  3. Run the following command to build the agent

./gradlew build

Note: cause the agent includes the Ktor Client Curl Engine it requires extra steps documented here

Before you start

Before starting the installation process, make sure you have (and know) the following information, or have completed these steps:

  1. Cloudflare credentials:

    a. Know your Cloudflare account username (or register for an account if you're new to Cloudflare); and

    b. Have your API key - no need to use your Global API key! (More info: API keys).

    image

    c. Create a API key with following (3) permissions:

    Zone > Zone.Settings > Read
    Zone > Zone > Read
    Zone > DNS > Edit

    The affected zone ressouces have to be (at least):

    Include > All zones from an account > <domain>

  2. DNS settings:

    Ensure the DNS A record(s) for the domain/zone(s) you wish to update with this script have been created (More information: Managing DNS records).

    Your DNS records should appear (or already be setup as follows) in Cloudflare:

    (Note: Having Proxied turned on for your A records isn't necessary, but it will prevent those snooping around from easily finding out your current IP address)

    image

  3. SSH access to your Synology device:

If you haven't setup this access, see the following Synology Knowledge Base article: [How can I sign in to DSM/SRM with root privilege via SSH?[(https://kb.synology.com/en-id/DSM/tutorial/How_to_login_to_DSM_with_root_permission_via_SSH_Telnet)

How to install

  1. SSH with sudo on your supported device:

    a. For DSM Users:

    Navigate to Control Panel > Terminal & SNMP > Enable SSH service

    b. For SRM users:

    Navigate to Control Panel > Services > System Services > Terminal > Enable SSH service

    image

  2. Connect via SSH: Connect to your supported device via SSH and run this command:

wget https://raw.githubusercontent.com/mrikirill/KTSynologyDDNSCloudflareMultidomain/master/install.sh -O install.sh && sudo bash install.sh
  1. Update your DDNS settings:

    a. For DSM Users: Navigate to Control Panel > External Access > DDNS then add new DDNS

    b. For SRM users: Navigate to Network Centre > Internet > QuickConnect & DDNS > DDNS and press the Add button:

    Add/Update the DDNS settings screen as follows:

    • Service provider: Select Cloudflare

    • Hostname: this field is not used anymore, you can put any value here

    • Username: For a single domain: mydomain.com For multiple domains: subdomain.mydomain.com|vpn.mydomain.com (ensure each domain is separated: |)

      Note: there is 256 symbols limit on Hostname input

    • Password: Your created Cloudflare API Key

    image

    Finally, press the test connection button to confirm all information is correctly entered, before pressing Ok to save and confirm your details.

  2. Enjoy 🍺 and don't forget to deactivate SSH (step 1) if you don't need it.

Troubleshooting and known issues

CloudFlare API free domains limitation

CloudFlare API doesn't support domains with a .cf, .ga, .gq, .ml, or .tk TLD (top-level domain)

For more details read here: mrikirill/SynologyDDNSCloudflareMultidomain#28 and https://community.cloudflare.com/t/unable-to-update-ddns-using-api-for-some-tlds/167228/61

Response example:

{
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 1038,
      "message": "You cannot use this API for domains with a .cf, .ga, .gq, .ml, or .tk TLD (top-level domain). To configure the DNS settings for this domain, use the Cloudflare Dashboard."
    }
  ],
  "messages": []
}

Connection test failed or error returned

This will manifest as either 1020 error; or the update attempt not showing in your Cloudflare Audit logs.

That generally means you may not have entered something correctly in the DDNS screen for your domain(s).

Revisit Before you begin to ensure you have all the right information, then go back to Step 4 in How to install to make sure everything is correctly entered.

Handy hint: You can also check your Cloudflare Audit logs to see what - if anything - has made it there with your API key (More information: Understanding Cloudflare Audit Logs). Updates using the API will appear in the Audit logs as a Rec Set action.

Cloudflare no longer listed as a DDNS provider after DSM or SRM updates

If this occurs, simply repeat the How to install steps shown above.

Default Cloudflare ports

Source Identifying network ports compatible with Cloudflare's proxy

HTTP ports supported by Cloudflare HTTPS ports supported by Cloudflare
80 443
8080 2053
8880 2083
2052 2087
2082 2096
2086 8443
2095

Debug

You can run this script directly to see output logs

  • SSH into your Synology system

  • Run this command:

./KTSynologyDDNSCloudflareMultidomain.kexe "domain1.com|vpn.domain2.com" "your-Cloudflare-token" "any" "1.2.3.4 - ipv4 address"
  • Check output logs

Output messages

From /etc.defaults/ddns_provider.conf:

When you write your own module, you can use the following words to tell user what happen by print it. You can use your own message, but there is no multiple-language support.

good - Update successfully.

nochg - Update successfully but the IP address have not changed.

nohost - The hostname specified does not exist in this user account.

abuse - The hostname specified is blocked for update abuse.

notfqdn - The hostname specified is not a fully-qualified domain name.

badauth - Authenticate failed.

911 - There is a problem or scheduled maintenance on provider side

badagent - The user agent sent bad request(like HTTP method/parameters is not permitted)

badresolv - Failed to connect to because failed to resolve provider address.

badconn - Failed to connect to provider because connection timeout.

Credits

MKDoc - generate documentation

Support this project

If you find this project helpful, please support it here Sponsor