Dynamic DNS record update

Cloudflare API

Cloudflare DNS management is easy to use and offers simple APIs to manage all your resources. Sometimes a host has a dynamic IP, or your router reboots and gets a new IP, or the address changes for some other reason. What you want is a way to automatically assign the current IP to a DNS record you own.

A simple way of doing it, without installing any third-party tool, is to send a request directly to the Cloudflare API with your new IP address.

How do I change a Cloudflare DNS record through APIs?

How to automate the domain IP changes

There are four simple steps:

  1. Get your Zone ID from your main Cloudflare page: go to https://dash.cloudflare.com and then click on your domain. You will find the Zone ID in the bottom right of the page.
  2. Get the DNS record ID of the record you want to change.
  3. Get an API Token with permissions to modify DNS records: go to https://dash.cloudflare.com/profile/api-tokens and create a new token. Click on the Edit zone DNS template and then add your preferred zone. You can specify more options if you wish. Make sure to securely store your token in a password manager, as it will not be shown again.
  4. Set up a cron job that runs a bash script and updates your DNS record.

To get the DNS record ID: once you have your Zone ID, you need to find the record ID for the specific record you want to change. To do that, simply call the Cloudflare API as follows:

$ curl https://api.cloudflare.com/client/v4/zones/"$ZONE_ID"/dns_records \
        -H "Authorization: Bearer ${CF_BEARER}"

Scroll through the JSON to find your specific record name and copy its record ID.

Update script

Here is the bash script that will do the following actions:

  1. Get current IP (and later log it to file)
  2. If the current IP is different from the previous IP stored in the logfile, update the DNS record on Cloudflare
  3. Log the new IP to file with current date

The API call shown in the script can obviously be reused at will. You can modify the proxy status of the record (if you want it to pass through the Cloudflare CDN), the TTL, etc.
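An added example of the three steps above; it is not the author's original script. It assumes a config file (`~/.cf_ddns.conf`, mode 600) that sets `ZONE_ID`, `RECORD_ID`, `RECORD_NAME` and `CF_BEARER`, a log file path, and `https://api.ipify.org` as the public-IP lookup. The file names, `RECORD_ID`, `RECORD_NAME` and the lookup service are assumptions, not taken from the page.

```bash
#!/usr/bin/env bash
# Added example of the three steps above; not the author's original script.
# Assumed names: CONF, LOGFILE, IP_SERVICE, RECORD_ID, RECORD_NAME.
CONF="${CONF:-$HOME/.cf_ddns.conf}"   # chmod 600; sets ZONE_ID, RECORD_ID, RECORD_NAME, CF_BEARER
LOGFILE="${LOGFILE:-$HOME/cf_ddns.log}"
IP_SERVICE="${IP_SERVICE:-https://api.ipify.org}"   # assumed public-IP lookup service
OCTET='([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])'

# Succeed only for a dotted-quad IPv4 address with octets in 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*) return 1 ;; esac   # reject newlines, spaces, HTML, ...
    printf '%s\n' "$1" | grep -Eq "^(${OCTET}\.){3}${OCTET}\$"
}

# Print the IP from the last log line ("<date> <ip>"); print nothing if no log yet.
last_logged_ip() {
    [ -f "$1" ] || return 0
    tail -n 1 "$1" | awk '{print $NF}'
}

# JSON body for the update; change "proxied" or "ttl" (1 = automatic) here.
build_payload() {
    printf '{"type":"A","name":"%s","content":"%s","ttl":1,"proxied":false}' "$1" "$2"
}

# Send the new address to the record's endpoint; -f makes HTTP errors fail.
update_record() {
    curl -fsS -X PATCH \
        "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records/${RECORD_ID}" \
        -H "Authorization: Bearer ${CF_BEARER}" \
        -H "Content-Type: application/json" \
        --data "$(build_payload "$RECORD_NAME" "$1")" >/dev/null
}

main() {
    current=$(curl -fsS --max-time 10 "$IP_SERVICE") || return 1
    valid_ipv4 "$current" || { echo "not an IPv4 address, not publishing" >&2; return 1; }
    [ "$current" = "$(last_logged_ip "$LOGFILE")" ] && return 0   # unchanged: no API call
    update_record "$current" || return 1                          # log only on success
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$current" >> "$LOGFILE"
}

# Run only when the protected config file is present and readable.
if [ -r "$CONF" ]; then . "$CONF"; main; fi
```

Because the log is written only after a successful API call, a failed update is retried on the next cron run instead of being recorded as done.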

Set up a recurrent cron job

To set up a recurrent cron job, simply run crontab -e and then add a line like */15 * * * * /PATH_OF_YOUR_FILE/update_a_record.sh.

The cron job will run every 15 minutes and will run the specified script.

If you think you need to validate the IP address, you can check with a regex that it is in the proper format. Here is an example that you can incorporate in the script above.

# Accept only a dotted-quad IPv4 address with each octet in the range 0-255
if [[ $ip_address =~ ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ ]]; then
    echo "Valid IPv4 address: $ip_address"
else
    echo "Invalid IPv4 address: $ip_address"
fi

Final considerations

Since the script contains the API Token in cleartext, make sure to properly protect it. The API Token is able to modify your DNS Zone according to what the settings were at creation time.

Remove other users' permission to read the file, or create a new user that just does that.

I hope you found this post helpful. If you have any questions or feedback, feel free to leave a comment below.

Last modified: 30 July 2023