Do-It-Yourself Dynamic DNS with dynflare

How do you expose something running on your home network to the internet when you only have a dynamic IP? Hint: Use dynflare.

Posted Jun 23, 2019 in Posts

I built Dynflare (get it on GitHub): a minimal, DIY alternative to dynamic DNS providers. It syncs Cloudflare DNS records.

That’s cool, but… why?

I wanted to run a few services on a Raspberry Pi I keep on a shelf. My ISP wouldn’t sell me static IPs, and I’d rather not go through dynamic DNS providers or VPN services like Hamachi.

Sure, you could set up a WireGuard VPN, but that requires that both the server and the client connect to it. That won't work for sharing a webpage with a friend.

Why can’t you use a static IP anyway?

Being 32 bits long, an IPv4 address can have 2^32 possible values, or 4'294'967'296 (less than 4.3 billion) unique addresses. There are many more connected devices than that on the public internet!

To work around this problem, Internet Service Providers commonly resort to two technologies:

  • Dynamic IP addresses: instead of permanently reserving a fixed network address to each and every device in the network, assign only when connected and rotate when disconnected; note that the address is fixed during the whole duration of the connection
  • NAT (or IP masquerading): map <src-ip>:<src-port> and <dst-ip>:<dst-port> together, so that an entire address space is hidden behind a single IP address; NAT-ed connections are common in mobile data offerings (your phone’s Internet)

…and various combinations of the above.

Most likely, your home internet connection provides you with a dynamic IP address.

Third-party solutions

If your ISP NATs your connection you do need a tunnel to some external server with a static (or predictable) IP, like ngrok.

When I started experimenting with internet services, however, either ngrok didn’t exist or I didn’t know about it — instead, I used third-party services like NoIP or Oracle’s Dyn, which involve running a third-party agent locally:

  1. the agent on your machine connects to the Dynamic DNS provider’s servers
  2. the Dynamic DNS provider detects your external IP
  3. their DNS server (or whatever DNS provider they have integrated) updates their DNS record’s value to your latest IP address.

This is sufficiently simple (also considering the very simple setup/deployment) for most users to rely on.

However, it’s not acceptable if:

  1. you don’t want to trust closed source, third-party code on your devices
  2. you want to implement custom logic around DNS updates
  3. you want to update multiple DNS records, maybe of types different than A, on different DNS providers and/or domains
  4. you don’t want any new accounts or platforms to manage.

Since Not-Invented-Here is real, I came up with my own solution

I already use Cloudflare. As a matter of fact, as of writing this post you’re most likely accessing this website through Cloudflare!

So I wrote a little command line utility I called dynflare as a dead-simple, deploy in 1 minute solution.

It connects to various services to detect what your IP address is, then updates one or more Cloudflare DNS records with the value.

Some example usage

Let’s imagine a simple scenario:

  • you want to have an A record called example-subdomain on Cloudflare always updated to your dynamic IP address, for your example.com domain
  • you want to mitigate hijacking with as little effort as possible
  • you want to run with cron

Using Dynflare, you would add this to your crontab:

0 * * * * CLOUDFLARE_API_KEY="your CF API key" CLOUDFLARE_API_SECRET="your CF API secret" /usr/bin/dynflare -r cloudflare:example.com:A:example-subdomain

What this does is:

  • configuring cron to run the above command once an hour (the schedule 0 * * * * fires at minute 0 of every hour)
  • setting your Cloudflare credentials as environment variables (note that this is a very simple example, you shouldn’t save your credentials in a crontab!)
  • running IP detection using all implemented providers and selecting the most-seen IP address
  • updating the example-subdomain A record in the example.com zone of your Cloudflare account
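
The "most-seen IP address" step is what limits the damage a single wrong or tampered detection service can do. The sketch below is an added example, not dynflare's own code: the function name, provider names and sample responses are hypothetical, and it goes slightly beyond the description above by also requiring a minimum number of agreeing providers and rejecting answers that are not publicly routable IPv4 addresses.

```python
import ipaddress
from collections import Counter


def select_consensus_ip(responses, min_votes=2):
    """Return the IPv4 address most providers agree on, or None if no safe winner.

    responses: dict of provider name -> raw response body (str).
    """
    votes = Counter()
    for body in responses.values():
        try:
            ip = ipaddress.ip_address(body.strip())
        except ValueError:
            continue  # error page, empty body or junk: no vote
        # An A record needs a publicly routable IPv4 address. This drops
        # RFC 1918, loopback, link-local and CGNAT (100.64.0.0/10) answers.
        if ip.version != 4 or not ip.is_global:
            continue
        votes[str(ip)] += 1

    ranked = votes.most_common(2)
    if not ranked or ranked[0][1] < min_votes:
        return None  # too few providers agree: skip the DNS update
    if len(ranked) == 2 and ranked[0][1] == ranked[1][1]:
        return None  # tie between two candidates: do not guess
    return ranked[0][0]


# Constructed sample responses; provider names are hypothetical and the
# addresses are well-known public resolvers used as stand-ins.
SAMPLE = {
    "provider-a": "1.1.1.1\n",
    "provider-b": " 1.1.1.1",
    "provider-c": "8.8.8.8",  # one provider disagrees (wrong or tampered)
    "provider-d": "<html>502 Bad Gateway</html>",
}

if __name__ == "__main__":
    print(select_consensus_ip(SAMPLE))
```

Returning None instead of a best guess means the existing DNS record is left untouched until the next run, which is the safer failure mode for a record that points at your home network.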

Now, using crontab to store your API keys and config is not ideal, so you could run dynflare as a systemd unit as a dedicated user which only has access to a few files storing secrets, and move the config to /etc… but this is just an example.

Final words

Dynflare is open source and MIT licensed — you can fork it if you want. Or submit a Pull Request!

If you have ever needed a similar tool, I hope this post was helpful to you. Thanks for reading!