Program to keep DNS A and/or AAAA records updated for multiple DNS providers
- Available as a Docker image
qmcgaw/ddns-updater
andghcr.io/qdm12/ddns-updater
- π Available as zero-dependency binaries for Linux, Windows and MacOS
- Updates periodically A records for different DNS providers:
- Aliyun
- AllInkl
- Cloudflare
- DD24
- DDNSS.de
- deSEC
- DigitalOcean
- DonDominio
- DNSOMatic
- DNSPod
- Dreamhost
- DuckDNS
- DynDNS
- Dynu
- EasyDNS
- FreeDNS
- Gandi
- GCP
- GoDaddy
- GoIP.de
- He.net
- Hetzner
- Infomaniak
- INWX
- Ionos
- Linode
- LuaDNS
- Name.com
- Namecheap
- Netcup
- NoIP
- Now-DNS
- Njalla
- OpenDNS
- OVH
- Porkbun
- Selfhost.de
- Servercow.de
- Spdyn
- Strato.de
- Variomedia.de
- Zoneedit
- Want more? Create an issue for it!
- Web User interface
- Send notifications with Shoutrrr using
SHOUTRRR_ADDRESSES
- Container (Docker/K8s) specific features:
- Lightweight 15MB Docker image based on the Scratch Docker image
- Docker healthcheck verifying the DNS resolution of your domains
- Images compatible with
amd64
,386
,arm64
,armv7
,armv6
,s390x
,ppc64le
,riscv64
CPU architectures
- Persistence with a JSON file updates.json to store old IP addresses with change times for each record
-
Download the pre-built program for your platform from the assets of a release in the releases page. Note this is only available from release v2.6.0.
-
For Linux and MacOS, make the program executable with
chmod +x ddns-updater
. -
In the directory where the program is saved, create a directory
data
. -
Write a JSON configuration in
data/config.json
, for example:{ "settings": [ { "provider": "namecheap", "domain": "example.com", "host": "@", "password": "e5322165c1d74692bfa6d807100c0310" } ] }
You can find more information in the configuration section to customize it.
-
Run the program with
./ddns-updater
(./ddns-updater.exe
on Windows) or by double-clicking on it. -
The following is optional.
- You can customize the program behavior using either environment variables or flags. For flags, there is a flag corresponding to each environment variable, where it's all lowercase and underscores are replaced with dashes. For example the environment variable
LOG_LEVEL
translates into--log-level
.
- You can customize the program behavior using either environment variables or flags. For flags, there is a flag corresponding to each environment variable, where it's all lowercase and underscores are replaced with dashes. For example the environment variable
-
Create a directory of your choice, say data with a file named config.json inside:
mkdir data touch data/config.json # Owned by user ID of Docker container (1000) chown -R 1000 data # all access (for creating json database file data/updates.json) chmod 700 data # read access only chmod 400 data/config.json
If you want to use another user ID, build the image yourself with
--build-arg UID=<your-uid>
. You could also just run the container as root with--user="0"
but this is not advised security wise. -
Write a JSON configuration in data/config.json, for example:
{ "settings": [ { "provider": "namecheap", "domain": "example.com", "host": "@", "password": "e5322165c1d74692bfa6d807100c0310" } ] }
You can find more information in the configuration section to customize it.
-
Run the container with
docker run -d -p 8000:8000/tcp -v "$(pwd)"/data:/updater/data qmcgaw/ddns-updater
-
The following is optional.
- You can customize the program behavior using environment variables
- You can use docker-compose.yml with
docker-compose up -d
- Kubernetes: check out the k8s directory for an installation guide and examples.
- Other Docker image tags are available
- You can update the image with
docker pull qmcgaw/ddns-updater
- You can set your JSON configuration as a single environment variable line (i.e.
{"settings": [{"provider": "namecheap", ...}]}
), which takes precedence over config.json. Note however that if you don't bind mount the/updater/data
directory, there won't be a persistent database file/updater/updates.json
but it will still work.
Start by having the following content in config.json, or in your CONFIG
environment variable:
{
"settings": [
{
"provider": "",
},
{
"provider": "",
}
]
}
For each setting, you need to fill in parameters. Check the documentation for your DNS provider:
- Aliyun
- Cloudflare
- Custom
- DDNSS.de
- deSEC
- DigitalOcean
- DD24
- DonDominio
- DNSOMatic
- DNSPod
- Dreamhost
- DuckDNS
- DynDNS
- Dynu
- DynV6
- EasyDNS
- FreeDNS
- Gandi
- GCP
- GoDaddy
- GoIP.de
- He.net
- Infomaniak
- INWX
- Ionos
- Linode
- LuaDNS
- Name.com
- Namecheap
- Netcup
- NoIP
- Now-DNS
- Njalla
- OpenDNS
- OVH
- Porkbun
- Selfhost.de
- Servercow.de
- Spdyn
- Strato.de
- Variomedia.de
- Zoneedit
Note that:
- you can specify multiple hosts for the same domain using a comma separated list. For example with
"host": "@,subdomain1,subdomain2",
.
π There are now flags equivalent for each variable below, for example --log-level
.
Environment variable | Default | Description |
---|---|---|
CONFIG |
One line JSON object containing the entire config (takes precedence over config.json file) if specified | |
PERIOD |
5m |
Default period of IP address check, following this format |
PUBLICIP_FETCHERS |
all |
Comma separated fetcher types to obtain the public IP address from http and dns |
PUBLICIP_HTTP_PROVIDERS |
all |
Comma separated providers to obtain the public IP address (ipv4 or ipv6). See the Public IP section |
PUBLICIPV4_HTTP_PROVIDERS |
all |
Comma separated providers to obtain the public IPv4 address only. See the Public IP section |
PUBLICIPV6_HTTP_PROVIDERS |
all |
Comma separated providers to obtain the public IPv6 address only. See the Public IP section |
PUBLICIP_DNS_PROVIDERS |
all |
Comma separated providers to obtain the public IP address (IPv4 and/or IPv6). See the Public IP section |
PUBLICIP_DNS_TIMEOUT |
3s |
Public IP DNS query timeout |
UPDATE_COOLDOWN_PERIOD |
5m |
Duration to cooldown between updates for each record. This is useful to avoid being rate limited or banned. |
HTTP_TIMEOUT |
10s |
Timeout for all HTTP requests |
LISTENING_ADDRESS |
:8000 |
Internal TCP listening port for the web UI |
ROOT_URL |
/ |
URL path to append to all paths to the webUI (i.e. /ddns for accessing https://example.com/ddns through a proxy) |
HEALTH_SERVER_ADDRESS |
127.0.0.1:9999 |
Health server listening address |
HEALTH_HEALTHCHECKSIO_UUID |
UUID for healthchecks.io to send a heartbeat on every update check | |
DATADIR |
/updater/data |
Directory to read and write data files from internally |
BACKUP_PERIOD |
0 |
Set to a period (i.e. 72h15m ) to enable zip backups of data/config.json and data/updates.json in a zip file |
BACKUP_DIRECTORY |
/updater/data |
Directory to write backup zip files to if BACKUP_PERIOD is not 0 . |
RESOLVER_ADDRESS |
Your network DNS | A plaintext DNS address to use, such as 1.1.1.1:53 . This is useful for split dns, see #389 |
LOG_LEVEL |
info |
Level of logging, debug , info , warning or error |
LOG_CALLER |
hidden |
Show caller per log line, hidden or short |
SHOUTRRR_ADDRESSES |
(optional) Comma separated list of Shoutrrr addresses (notification services) | |
SHOUTRRR_DEFAULT_TITLE |
DDNS Updater |
Default title for Shoutrrr notifications |
TZ |
Timezone to have accurate times, i.e. America/Montreal |
By default, all public IP fetching types are used and cycled (over DNS and over HTTPs).
On top of that, for each fetching method, all echo services available are cycled on each request.
This allows you not to be blocked for making too many requests.
You can otherwise customize it with the following:
PUBLICIP_HTTP_PROVIDERS
gets your public IPv4 or IPv6 address. It can be one or more of the following:ipify
using https://api64.ipify.orgifconfig
using https://ifconfig.io/ipipinfo
using https://ipinfo.io/ipgoogle
using https://domains.google.com/checkipspdyn
using https://checkip.spdyn.deipleak
using https://ipleak.net/jsonicanhazip
using https://icanhazip.comident
using https://ident.mennev
using https://ip.nnev.dewtfismyip
using https://wtfismyip.com/textseeip
using https://api.seeip.org- You can also specify an HTTPS URL with prefix
url:
for exampleurl:https://ipinfo.io/ip
PUBLICIPV4_HTTP_PROVIDERS
gets your public IPv4 address only. It can be one or more of the following:ipleak
using https://ipv4.ipleak.net/jsonipify
using https://api.ipify.orgicanhazip
using https://ipv4.icanhazip.comident
using https://v4.ident.mennev
using https://ip4.nnev.dewtfismyip
using https://ipv4.wtfismyip.com/textseeip
using https://ipv4.seeip.org- You can also specify an HTTPS URL with prefix
url:
for exampleurl:https://ipinfo.io/ip
PUBLICIPV6_HTTP_PROVIDERS
gets your public IPv6 address only. It can be one or more of the following:ipleak
using https://ipv6.ipleak.net/jsonipify
using https://api6.ipify.orgicanhazip
using https://ipv6.icanhazip.comident
using https://v6.ident.mennev
using https://ip6.nnev.dewtfismyip
using https://ipv6.wtfismyip.com/textseeip
using https://ipv6.seeip.org- You can also specify an HTTPS URL with prefix
url:
for exampleurl:https://ipinfo.io/ip
PUBLICIP_DNS_PROVIDERS
gets your public IPv4 address only or IPv6 address only or one of them (see #136). It can be one or more of the following:cloudflare
opendns
If you have a host firewall in place, this container needs the following ports:
- TCP 443 outbound for outbound HTTPS
- UDP 53 outbound for outbound DNS resolution
- TCP 8000 inbound (or other) for the WebUI
At program start and every period (5 minutes by default):
- Fetch your public IP address
- For each record:
- DNS resolve it to obtain its current IP address(es)
- If the resolution fails, update the record with your public IP address by calling the DNS provider API and finish
- Check if your public IP address is within the resolved IP addresses
- Yes: skip the update
- No: update the record with your public IP address by calling the DNS provider API
- DNS resolve it to obtain its current IP address(es)
π‘ We do DNS resolution every period so it detects a change made to the record manually, for example on the DNS provider web UI π‘ As DNS resolutions are essentially free and without rate limiting, these are great to avoid getting banned for too many requests.
For Cloudflare records with the proxied
option, the following is done.
At program start and every period (5 minutes by default), for each record:
- Fetch your public IP address
- For each record:
- Check the last IP address (persisted in
updates.json
) for that record- If it doesn't exist, update the record with your public IP address by calling the DNS provider API and finish
- Check if your public IP address matches the last IP address you updated the record with
- Yes: skip the update
- No: update the record with your public IP address by calling the DNS provider API
- Check the last IP address (persisted in
This is the only way as doing a DNS resolution on the record will give the IP address of a Cloudflare server instead of your server.
- The automated healthcheck verifies all your records are up to date using DNS lookups
- You can also manually check, by:
- Going to your DNS management webpage
- Setting your record to
127.0.0.1
- Run the container
- Refresh the DNS management webpage and verify the update happened
You can build the image yourself with:
docker build -t qmcgaw/ddns-updater https://github.com/qdm12/ddns-updater.git
You can use optional build arguments with --build-arg KEY=VALUE
from the table below:
Build argument | Default | Description |
---|---|---|
UID |
1000 |
User ID running the container |
GID |
1000 |
User group ID running the container |
VERSION |
unknown |
Version of the program and Docker image |
CREATED |
an unknown date |
Build date of the program and Docker image |
COMMIT |
unknown |
Commit hash of the program and Docker image |
- Contribute with code
- Github workflows to know what's building
- List of issues and feature requests
- Kanban board
This repository is under an MIT license
Sponsor me on Github or donate to paypal.me/qmcgaw
Many thanks to J. Famiglietti for supporting me financially π₯π