Dynamc DNS(DDNS) with OpenWRT and Cloudflare

Do you want to update your DNS when your IP changes? Are you using a router running OpenWRT and Cloudflare? Then this short guide is perfect for you!

Let’s dive right into it. The OpenWRT router needs to modify your DNS settings on Cloudflare, so we need to create an API token. We could use the global API token, but we’ll use an API token with more limited access instead.

Creating a token on Cloudflare

Head to Cloudflare and go to My profile -> API Tokens -> Create Token -> Create custom token.

Give your token a name, e.g. OpenWRT DDNS and add the following permissions:

  • Zone, Zone: Read
  • Zone, DNS: Edit

Under Zone Resources, select Include, then Specific Zone and select your domain, e.g. Hit Continue to summary and then Create Token.

Remember to take note of this token as you’ll need it later.

Configuring OpenWRT

Next up is configuring OpenWRT to work with Cloudflare. We’ll mostly use the Web GUI, but we’ll also SSH into the router to make a small change to how authentication is done with Cloudflare.

In the Web GUI, do the following:

  1. Go to System -> Software and press Update lists.
  2. Enter “ddns” into the filter field, and press Install on the and the luci-app-ddns packages.
  3. Log out of the GUI and back in. You should now have a Services -> Dynamic DNS option. Go to it.
  4. Press Edit on myddns_ipv4.
  5. Set DDNS Service provider to and confirm the change.
  6. Then set Lookup Hostname and Domain to the domain you want to update, e.g. Check the Enable and the Use HTTP Secure checkbox.
  7. Finally, paste the Cloudflare token you created into the Password field and hit Save and Apply. The username doesn’t matter.

The settings should now look something like this:

Example of how the page might look when you have entered your settings.
Example of how the page might look when you have entered your settings.

Great work, we’re almost done.

Next up, we’ll have to make a little change to the Cloudflare script as it doesn’t support authentication by using a token out of the box.

SSH into your router using, e.g. Putty. Use the same username and password that you have set up on your router. Then edit the script by running:
vi /usr/lib/ddns/

Enter insert mode by pressing i and find these lines:
__PRGBASE="$__PRGBASE --header 'X-Auth-Email: $username' "
__PRGBASE="$__PRGBASE --header 'X-Auth-Key: $password' "

Comment them out by adding a # at the beginning and add a new line below then so it looks like this:
#__PRGBASE="$__PRGBASE --header 'X-Auth-Email: $username' "
#__PRGBASE="$__PRGBASE --header 'X-Auth-Key: $password' "
__PRGBASE="$__PRGBASE --header 'Authorization: Bearer $password' "

The Authorization header is the new line. Cloudflare uses this header that will contain your token to identify you. Press Escape -> Type :wq -> hit Enter to save and quit. You can exit SSH now and go back to the GUI.

Change how your current IP is determined

If you head to Network -> Interfaces and you can see an IPV4-address under WAN, then OpenWRT knows what your current IP is, and you can skip this step.

However, if you don’t see an IP-address there, you’ll have to go to Services -> Dynamic DNS -> press Edit on myddns_ipv4 -> Go to Advanced Settings tab and change IP address source to something else.

Start using it

Now, head to Services -> Dynamic DNS and press Start.

Image showing that the IP and when it was last updated.

Congratulations! 🎉 It should now be up and running. You can press Edit -> Log file viewer to view the log of what it’s doing.

If you have any questions, feel free to ask! 🙂

2 replies on “Dynamc DNS(DDNS) with OpenWRT and Cloudflare”

In the new RC (21.02) of OpenWRT, the script has been updated. Now, if you set the username field to “Bearer” (captial B) it will automatically authenticate using the token — no script mods needed!

Leave a Reply

Your email address will not be published. Required fields are marked *