Skip to content

Instantly share code, notes, and snippets.

@troyfontaine
Last active December 22, 2022 16:04
Show Gist options
  • Star 25 You must be signed in to star a gist
  • Fork 7 You must be signed in to fork a gist
  • Save troyfontaine/7e6f93e32621177fc9a94e823adc52b5 to your computer and use it in GitHub Desktop.
Save troyfontaine/7e6f93e32621177fc9a94e823adc52b5 to your computer and use it in GitHub Desktop.
USG ddclient Upgrade Script

How to use this script?

Why, that's simple! Copy this script to your USG, run chmod +x on it and then, as a user with sudo permission, execute it.

Shamelessly borrowed from Brittanic on the Ubiquiti Unifi forums

How to use it?

Simply run the following command (note, if you are at all security concious-don't run it and instead review the script, then copy it to your USG to execute).

curl https://gist.githubusercontent.com/troyfontaine/7e6f93e32621177fc9a94e823adc52b5/raw/fix_ddns.sh | sudo bash

But I don't see Cloudflare in the Unifi Controller!

Well you won't? This updates the client-so you still need to use the config file method of telling the USG to use ddclient to talk to Cloudflare.

Why do I need it smart guy?

If you haven't heard, Cloudflare deprecated their older API in favor of their newer-so the old ddclient still included in the Unifi line of routers can't talk to it anymore.

For those of us who use Cloudflare for DDNS-it kinda sucked. This helped.

Does this support the newer tokens?

Yes! While the pinned version of ddclient says it is 3.9.1, commenters have tested and confirmed that it has been patched to support the Cloudflare Tokens.

Details?

The token has been tested with All zones - Zone:Read, DNS:Edit and found to work.

#!/bin/bash
# Run this script as root
[ -z "$PS1" ] && return
source /etc/bash_completion
if [ "$_OFR_CONFIGURE" == ok ]; then
complete -D -F vyatta_config_default_complete
else
complete -D -F _vyatta_op_default_expand
fi
# Add deb repo to sources list if it isn't there
grep -q -F "deb http://archive.debian.org/debian/ wheezy main # wheezy #" "/etc/apt/sources.list" || echo "deb http://archive.debian.org/debian/ wheezy main # wheezy #" >> "/etc/apt/sources.list"
# Run Apt update
apt-get update
apt-get -y install libdata-validate-ip-perl dnsutils --no-install-recommends
# Download new ddclient and replace the existing version
pushd /tmp || return
curl -L -O https://raw.githubusercontent.com/ddclient/ddclient/6ae69a1ce688e8212b0973867b16af37f85172ef/ddclient
cp /usr/sbin/ddclient /usr/sbin/ddclient.bkp
cp ddclient /usr/sbin/ddclient
chmod +x /usr/sbin/ddclient
popd || return
# Tell the USG to update configuration and then display the status
update dns dynamic interface eth0
sleep 20
show dns dynamic status
@mihalski
Copy link

Will this work on a current stretch based (rather than the old wheezy based) USG?
I ask because I've just recovered from bricking my system after following instructions at https://help.ubnt.com/hc/en-us/articles/205202560-EdgeRouter-Add-Debian-Packages-to-EdgeOS so that I could install if top which overwrote libc and destroyed the USG.

@troyfontaine
Copy link
Author

Will this work on a current stretch based (rather than the old wheezy based) USG?
I ask because I've just recovered from bricking my system after following instructions at https://help.ubnt.com/hc/en-us/articles/205202560-EdgeRouter-Add-Debian-Packages-to-EdgeOS so that I could install if top which overwrote libc and destroyed the USG.

Yep, I've been using it after every update and have been having no issue (aside from having to run line 23 manually).

@mihalski
Copy link

mihalski commented Jun 16, 2019

I've manually downloaded and installed the current releases from the stretch repository just in case using the following commands:

curl http://ftp.debian.org/debian/pool/main/libd/libdata-validate-ip-perl/libdata-validate-ip-perl_0.27-1_all.deb -O
curl http://ftp.debian.org/debian/pool/main/libn/libnet-netmask-perl/libnet-netmask-perl_1.9022-1_all.deb -O
curl http://ftp.debian.org/debian/pool/main/libn/libnet-ipv6addr-perl/libnet-ipv6addr-perl_0.2.dfsg.1-3_all.deb -O
curl http://ftp.debian.org/debian/pool/main/libn/libnetwork-ipv4addr-perl/libnetwork-ipv4addr-perl_0.10.ds-2_all.deb -O

dpkg -i libdata-validate-ip-perl_0.27-1_all.deb libnet-netmask-perl_1.9022-1_all.deb libnet-ipv6addr-perl_0.2.dfsg.1-3_all.deb libnetwork-ipv4addr-perl_0.10.ds-2_all.deb

EDIT: Although I suspect since they're fully text based they're shared across the different Debian releases. My concern is if I try to install something else via apt-get and it borks the system (as it just did when trying to get iftop installed).

@troyfontaine
Copy link
Author

Updated to point to a specific build of ddclient as the maintainers no longer provide it as a regular Perl script.

@PrplHaz4
Copy link

PrplHaz4 commented Nov 2, 2020

Updated to point to a specific build of ddclient as the maintainers no longer provide it as a regular Perl script.

One thing to note for anyone coming here - because this is locked to 3.9.1 version of ddclient, it does NOT support Cloudflare API Tokens, and only the Global API Key can be used in your configuration.

The fix for this is ready, but not in any release yet: ddclient/ddclient#102 - and since they've moved away from the regular Perl script, we'll need to find an easy way to get a valid build to replace in this script...

@atgrady
Copy link

atgrady commented Mar 7, 2021

Updated to point to a specific build of ddclient as the maintainers no longer provide it as a regular Perl script.

One thing to note for anyone coming here - because this is locked to 3.9.1 version of ddclient, it does NOT support Cloudflare API Tokens, and only the Global API Key can be used in your configuration.

The fix for this is ready, but not in any release yet: ddclient/ddclient#102 - and since they've moved away from the regular Perl script, we'll need to find an easy way to get a valid build to replace in this script...

FYI, the specific ddclient build linked to in this script is newer than the official 3.9.1 release and does in fact include those commits you referenced that add support for Cloudflare API Tokens. Just use "token" for the login (instead of your email address) and your API token for the password.

@PrplHaz4
Copy link

PrplHaz4 commented Mar 9, 2021

Updated to point to a specific build of ddclient as the maintainers no longer provide it as a regular Perl script.

One thing to note for anyone coming here - because this is locked to 3.9.1 version of ddclient, it does NOT support Cloudflare API Tokens, and only the Global API Key can be used in your configuration.
The fix for this is ready, but not in any release yet: ddclient/ddclient#102 - and since they've moved away from the regular Perl script, we'll need to find an easy way to get a valid build to replace in this script...

FYI, the specific ddclient build linked to in this script is newer than the official 3.9.1 release and does in fact include those commits you referenced that add support for Cloudflare API Tokens. Just use "token" for the login (instead of your email address) and your API token for the password.

Thanks for this @atgrady! Great to have this finally working as an API token.

Working config using an API token that's been granted All zones - Zone:Read, DNS:Edit looks like:

{
	"service": {
		"dns": {
			"dynamic": {
				"interface": {
					"eth0": {
						"service": {
							"cloudflare": {
								"host-name": [
									"mydomain.tld"
								],
								"login": "token",
								"options": [
									"zone=mydomain.tld"
								],
								"password": "access token here",
								"protocol": "cloudflare",
								"server": "api.cloudflare.com/client/v4"
							}
						},
						"web": "dyndns"
					}
				}
			}
		}
	}
}

@StevenGFX
Copy link

@PrplHaz4 omg thank you! Changing login to "token" got it working for me. I struggled so hard with this. 🤦 lol

@flybyray
Copy link

Shamelessly borrowed from Brittanic on the Ubiquiti Unifi forums

should be?:

@troyfontaine
Copy link
Author

Shamelessly borrowed from Brittanic on the Ubiquiti Unifi forums

should be?:

Updated!

@tsopokis
Copy link

I found the script used in ERL devices and it doesn't need any other packages, just download the file and put it under /usr/sbin/ddclient.
https://dl.ubnt.com/firmwares/edgemax/afomins/ddlient-with-cloudflare-v4-api-support-000/ddclient

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment