How to Configure DDClient on Debian 12 with Cloudflare API Token for Dynamic DNS (IPv4 and IPv6)

In this guide, we’ll walk through configuring DDClient on Debian 12 to update your Cloudflare DNS records automatically using an API token. This setup will ensure that both your IPv4 and IPv6 addresses are updated seamlessly whenever your IP changes.

Prerequisites

• A Cloudflare account.
• An API token with permissions to update DNS records.
• A domain managed via Cloudflare.
• A Debian 12 server (or similar).

Step 1: Install DDClient on Debian

Start by installing ddclient:

sudo apt update
sudo apt install ddclient

Step 2: Generate Cloudflare API Token

1. Log in to your Cloudflare dashboard.
2. Navigate to My Profile > API Tokens.
3. Create a new token with the following permissions:

• Zone: DNS: Edit
• Zone: Read

4. Select the specific zone (domain) you want to manage.

5. Copy the API token for use in your DDClient configuration.

Step 3: Configure DDClient

Next, we’ll configure DDClient to interact with Cloudflare using the API token.

Open the DDClient configuration file:

sudo nano /etc/ddclient.conf

Add the following configuration, making sure to replace the placeholders (your_cloudflare_api_token, your_domain.com) with your actual details:

protocol=cloudflare
ssl=yes
password=your_cloudflare_api_token
zone=your_domain.com

# For IPv4 updates
use=web, web=ipify-ipv4
your_subdomain.your_domain.com

# For IPv6 updates
use=web, web=ipify-ipv6
your_subdomain.your_domain.com, ipv6

Explanation:

• protocol=cloudflare: Tells DDClient to use the Cloudflare API.
• use=web, web=ipify-ipv4: Fetches your public IPv4 address using ipify.
• use=web, web=ipify-ipv6: Fetches your public IPv6 address.
• ssl=yes: Ensures that DDClient communicates securely with Cloudflare.
• password=your_cloudflare_api_token: The API token from Cloudflare.
• zone=your_domain.com: Specifies the domain name.
• your_subdomain.your_domain.com: This is the subdomain you wish to update.

Step 4: Create the DNS Record on Cloudflare

Before DDClient can update the IP addresses, you need to have existing A (IPv4) and AAAA (IPv6) records on Cloudflare.

1. Go to your Cloudflare dashboard.
2. Select your domain.
3. Under DNS settings, create an A record for your subdomain, pointing to any IP (this will be updated by DDClient).
4. Similarly, create an AAAA record for IPv6.

Step 5: Restart and Test DDClient

After configuring DDClient, restart the service:

sudo service ddclient restart

Now, test your configuration to ensure that it’s working correctly:

sudo ddclient -daemon=0 -verbose -debug

If everything is configured correctly, you should see DDClient successfully update both your A (IPv4) and AAAA (IPv6) records on Cloudflare.

Step 6: Automate DDClient

By default, DDClient should automatically run as a daemon and check your IP periodically. You can adjust the interval if necessary by editing the DDClient service configuration.

To ensure DDClient runs on boot:

sudo systemctl enable ddclient

Troubleshooting

1. Check the logs: If updates are failing, check DDClient’s verbose output or system logs for any clues:

sudo journalctl -u ddclient

2. Cloudflare Audit Log: If updates are not reflecting, you can check.

3. Cloudflare’s Audit Log to see if the API requests are being received.

Conclusion

You’ve successfully set up DDClient on Debian 12 to manage your Cloudflare DNS records using an API token. This setup ensures that both your IPv4 and IPv6 addresses are always up-to-date, even if your ISP changes your IP.

Feel free to share this guide with others who are looking to automate their Dynamic DNS updates using Cloudflare and DDClient!