Setting up Dynamic DNS through Cloudflare

This post has come about as I need to migrate over from my previous DynamicDNS service after the prices increased significantly following the end of my initial offer period. I'm sure that won't happen with this new free service.

I opted for Cloudflare as it also has numerous other beneficial features, although I really should've been using it anyway as this blog is self-hosted:

  • certificate management
  • proxied access (protecting private IP address)
  • DDoS protection
  • free (for personal use)
  • analytics - could be useful to some

Setting up Cloudflare

Sign up for free at cloudflare.com, then once your email is verified, add your site to Cloudflare.

Update the name servers for your domain, exactly as Cloudflare tells you to do. This can take up to 24 hours to take effect, but was complete for me in about 30 minutes. I received an automated email as soon as this took effect.

As I need Dynamic DNS updates I've set up a single hostname that I want to receive these updates. I've used 'dynamic' as per the Cloudflare docs which makes it a bit easier to distinguish which domains/subdomains are receiving the dynamic address.

All the domains I actually want to work (e.g. www.chipshop.co) I create as CNAME entries, resolving to the dynamic.chipshop.co domain. I also create my root domain as a CNAME entry (chipshop.co) as shown below:

The 'i' next to the first CNAME indicates that Cloudflare has applied CNAME flattening to this domain. The DNS spec states that the root domain should point to an IP, but with flattening Cloudflare automatically follows the chain of domains to resolve the IP, ensuring that the spec is followed correctly (without generating errors).

DNS-O-Matic setup

Previously my IP was being updated using the built-in updater within my router. However, my router doesn't support Cloudflare directly, so we need to use a third party to update the IP address. I used DNS-O-Matic as this is recommended in the Cloudflare docs (and is also natively supported by my router). DNS-O-Matic can be used to update lots of different services, not just Cloudflare.

Once registered for an account at DNS-O-Matic, get your Cloudflare Global API Key from Cloudflare, under My Profile > API Keys > Global API Key.

Within DNS-O-Matic, go to YOUR SERVICES, then Add Service, and choose Cloudflare. Enter your Cloudflare email address, Global API Key, 'dynamic' as the hostname (matching the 'A' record in DNS), and your domain:

Automatically update DNS-O-Matic

Something will need to send your IP address to DNS-O-Matic. This can be done with software such as ddclient installed on your PC (ddclient can alternatively be used to send your IP directly to Cloudflare, missing out DNS-O-Matic altogether).
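As an added example (not code from this post, ddclient or Cloudflare), here is a small Python updater for the direct-to-Cloudflare route mentioned above; it refuses to publish a private or malformed address and only writes when the record has actually changed. It assumes a scoped Cloudflare API token with DNS edit permission on the one zone instead of the Global API Key, the hypothetical environment variables CF_ZONE_ID and CF_API_TOKEN, the placeholder hostname dynamic.example.com, and checkip.amazonaws.com as the IP lookup service.

```python
import ipaddress, json, os, urllib.parse, urllib.request

API = "https://api.cloudflare.com/client/v4"
IP_LOOKUP = "https://checkip.amazonaws.com"  # assumed lookup service; use one you trust

def public_ipv4(text):
    """Validate the looked-up address; refuse anything that is not a public IPv4."""
    ip = ipaddress.ip_address(text.strip())  # raises ValueError on junk input
    if ip.version != 4 or not ip.is_global:
        raise ValueError(f"refusing to publish non-public address {ip}")
    return str(ip)

def plan_update(record, new_ip):
    """Return the PATCH body, or None when the A record already matches."""
    if record["type"] != "A":
        raise ValueError("expected an A record")
    if record["content"] == new_ip:
        return None
    return {"type": "A", "name": record["name"], "content": new_ip}

def build_request(method, path, token, body=None):
    """Build a Cloudflare v4 API request authenticated with a bearer token."""
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return urllib.request.Request(API + path, data=data, method=method, headers=headers)

def call(req):
    """Send a request and return its 'result', raising if the API reports failure."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        payload = json.load(resp)
    if not payload.get("success"):
        raise RuntimeError(f"Cloudflare API error: {payload.get('errors')}")
    return payload["result"]

def sync(zone_id, name, token, looked_up_ip):
    """Point the A record `name` at the current address; write only on change."""
    ip = public_ipv4(looked_up_ip)
    query = urllib.parse.urlencode({"type": "A", "name": name})
    records = call(build_request("GET", f"/zones/{zone_id}/dns_records?{query}", token))
    if len(records) != 1:
        raise RuntimeError(f"expected one A record for {name}, got {len(records)}")
    body = plan_update(records[0], ip)
    if body is None:
        return "unchanged"
    call(build_request("PATCH", f"/zones/{zone_id}/dns_records/{records[0]['id']}", token, body))
    return f"updated to {ip}"

if __name__ == "__main__":
    # Hypothetical environment variable names; the hostname is a placeholder.
    with urllib.request.urlopen(IP_LOOKUP, timeout=10) as r:
        seen = r.read().decode()
    print(sync(os.environ["CF_ZONE_ID"], "dynamic.example.com", os.environ["CF_API_TOKEN"], seen))
```

Run it from cron or a systemd timer; because the PATCH only carries type, name and content, the record's existing TTL and proxy setting are left alone.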

My router supports DynamicDNS updating to a select few services, and DNS-O-Matic happens to be one of them. If your router natively supports it then it's definitely the better choice, as it avoids running an extra service on your PC and presumably will know as soon as your IP changes.

The settings are as below:

Username: <your DNS-O-Matic username> (not the registered email address)

Password: <DNS-O-Matic password>

Service: <this is dependent on your router support>

Hostname: <the specific hostname you are updating, in this case 'dynamic', matching the config above>

With this in place DNS-O-Matic should receive updates from your router when your IP address changes. Any errors will be emailed to your registered email address.

Replacing Let's Encrypt with Cloudflare cert

As my server was already configured with a Let's Encrypt certificate, the default SSL configuration was causing some issues with connecting (generating errors about the server being misconfigured). This was simple to fix by going to the SSL/TLS settings for the domain in Cloudflare, then enabling Full (Strict) mode.

That's it.

It might take a little while to start working as DNS records need to propagate (running ipconfig /flushdns on Windows can speed things up), but everything should start working. The browser certificate should update to show that it's now provided by Cloudflare, and if your server goes down, there will be a Cloudflare page displaying the issue, but other than that there is no change for the end user.