ddclient with cloudflare not updating

Question

Have a domain registered with Namecheap, using Cloudflare DNS servers. Prior this setup I was just using Namecheaps DNS until realizing I cannot use their production APIs for Traefik. Whilst I had this setup, updating with ddclient to Namecheap worked just fine.

Now that I am using Cloudflare DNS, I am trying to update the records using ddclient. Nothing seems to work, I've tried a number of different combinations and I've also put my domain into Development mode so that changes are not cached whilst testing.

I have two A records in my cloudflare dashboard: mydomain.com and the subdomain login

Here is my ddclient.config:

daemon=300                              # check every 300 seconds
syslog=yes                              # log update msgs to syslog
pid=/var/run/ddclient/ddclient.pid      # record PID in file.
ssl=yes                                 # use ssl-support. 

##
## CloudFlare (www.cloudflare.com)
##
use=web,                                                        \
protocol=cloudflare,                                            \
zone=<mydomain.com>,                                            \
ttl=1,                                                          \
login=<my email login> ,                                        \
password=<my DNS-Edit enabled API key>                          \
login.<mydomain>.com

I have also tried just adding the subdomain underneath without the full domain i.e. login and adding web=dynamicdns.park-your-domain.com to the file, nothing seems to work.

Answer 1

This appears to be an issue with ddclient not bumping to the new cloudflare api version. Ticket remains open.

https://github.com/ddclient/ddclient/issues/361

Alternative suggested is to use https://github.com/timothymiller/cloudflare-ddns

Answer 2

This is a bit of a zombie page, but it comes up in Google searches, so I thought I would put the working example here.

If you go to the ddclient github page and browse the source code for ddclient.in, search for 'cloudflare' and you will see the examples and all the details on how to make this work with ddclient 3.9.1.

Option one: Use Global API key

Last stanza of ddclient.conf

#
# Change ip address for example.com at cloudflare
# (less secure as uses global API key)
#
protocol=cloudflare, \
zone=example.com, \
ttl=1, \
login=your_email_for cloudflare_login@xyz.com, \
password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
example.com

The comma, space and line break are important. Be sure there are no spaces after the backward slash.

Option two: Use API token with limited permissions

a. Go to your Cloudflare dashboard and make a API token with Zone-DNS-Edit and Zone-Zone-Read permissions. It won't work if the permissions on the API Token are anything else.

b. Last stanza of ddclient.conf

#
# Using token with Zone-DNS-Edit and Zone-Zone-Read permissions
#
protocol=cloudflare, \
zone=example.com, \
ttl=1, \
login=token, \
password=XxXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
example.com

Again, formatting seemed to be important. I got error messages when there were stray spaces after the backslash. If you use the token, it is sent as "Bearer xxxxxxxx." In ddclient, the "Bearer" is prepended automatically; you only need to put in the alphanum string. Read the perl source for more details.

Tested and working on OpenBSD 6.9 and 7.0 and ddclient 3.9.1.