Custom SOA Records and permission for Cloudflare API for DDNS (ddclient or CF API prefer) with BIND9

I'm quite new to attempting to dynamically update DNS from my environment to anything really out there and wanted to learn. Few questions and some errors I came across with some issues, and I've googled/researched in general for trying to resolve it and come up with more and more issues. Anyways, here is what it is:

Using - Ubuntu server 22.04
DNS Service - BIND9
Dynamic DNS handled - DDCLIENT (or I would like to just use cron with the CF API preferred from bash)

Start: So I (heaven forbid) used OpenAI (and explored online forums/CF Forums/API docs and git repos) attempting to configure DDNS with the CF API to push up to my domain to update my IP address dynamically along with any DNS records when applicable on my system. It has failed thus far with:

{"success":false,"errors":[{"code":10000,"message":"PUT method not allowed for the api_token authentication scheme"}]}

Permissions configured in CF are:
Zone - Zone - READ
Zone - DNS - Edit

Registrar is from - Squarespace
Name servers are on - Cloudflare and is also handling all DNS records

Am I missing anything? I can post script at the bottom excluding/blanking information.

End goal:
Dynamically update public IP address from UDM Pro to CF with API
Update DNS records from my on-prem DNS server upstream/downstream to CF and my on-prem DNS server

Thanks!
8 Replies
freeviruzdotorg (OP), 2w ago
The related script from the output displayed in post:
#!/bin/bash

# Cloudflare API Token and Zone Information
API_TOKEN="API_Token_for_zone_config"
ZONE_ID="ZONE_ID_FROM_CF_DASHBOARD_OVERVIEW"
RECORD_NAME="example.com"
EMAIL="[email protected]" # Optional if you're using global API key
DOMAIN="example.com"

# Get the current external IP address
CURRENT_IP=$(curl -s https://api.ipify.org)

# Get the Cloudflare DNS record ID for the subdomain
DNS_RECORD_ID=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records?name=$RECORD_NAME" \
-H "Authorization: Bearer $API_TOKEN" | jq -r '.result[0].id')

# Check if IP has changed
if [[ $(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$DNS_RECORD_ID" \
-H "Authorization: Bearer $API_TOKEN" | jq -r '.result.content') != "$CURRENT_IP" ]]; then
# Update the DNS record with the new IP address
# curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$DNS_RECORD_ID" \
# -H "Authorization: Bearer $API_TOKEN" \
# -H "Content-Type: application/json" \
# --data '{"type":"A","name":"'"$RECORD_NAME"'","content":"'"$CURRENT_IP"'","ttl":120,"proxied":false}'

curl -X PUT "https://api.cloudflare.com/client/v4/user/tokens/verify" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type:application/json" \
--data '{
"type":"A",
"name":"'"$RECORD_NAME"'",
"content":"'"$CURRENT_IP"'",
"ttl":120,
"proxied":false}'

fi
Related error output from above script:

{"success":false,"errors":[{"code":7001,"message":"Method PUT not available for that URI."}],"messages":[],"result":null}

Also received prior to modifications from OG post:

{"success":false,"errors":[{"code":10000,"message":"PUT method not allowed for the api_token authentication scheme"}]}

(Commented out section was the portion of where the permission error code 10000 was presented in the script. Wanted to keep in the event I missed something.)

Using CF Docs from custom SOA error, it's from this script:
curl --request PATCH \
--url https://api.cloudflare.com/client/v4/zones/ZONE_ID_FROM_CF_DASHBOARD/dns_settings \
--header 'Content-Type: application/json' \
--header 'X-Auth-Email: [email protected]' \
--header 'X-Auth-Key: GLOBAL_API_KEY' \
--data '{
"flatten_all_cnames": false,
"foundation_dns": false,
"multi_provider": false,
"nameservers": {
"type": "cloudflare.standard",
"ns_set": 1
},
"ns_ttl": 86400,
"secondary_overrides": false,
"soa": {
"expire": 604800,
"min_ttl": 1800,
"mname": "primary.ns.cloudflare.com",
"refresh": 10000,
"retry": 2400,
"rname": "secondary.ns.cloudflare.com",
"ttl": 3600,
"serial": 2356498458
},
"zone_mode": "dns_only"
}'
Error output is as stated:

{"result":null,"success":false,"errors":[{"code":1003,"message":"Custom SOA records are not available to this account or zone. Contact support for more information."}],"messages":[]}

(This was a copy/paste with mods ofc from the CF API docs I found.)
Chaika, 2w ago
That script doesn't make any sense. You commented out the DNS update, which if erroring before with "PUT method not allowed for the api_token authentication scheme" means it wasn't finding the record (ignore that it's a terrible error), and it's now trying to do a PUT with DNS record contents to tokens/verify?
fwiw if you give it the right record name and uncomment the PUT to dns_records and remove the PUT to tokens/verify, it does work fine.
Not sure how that relates to your other issues, but yea, not going to be able to modify the SOA; think would need secondary DNS enterprise setup or some other enterprise setup. What are you trying to do?
freeviruzdotorg (OP), 2w ago
Essentially update my public IP address from my local DNS server to CF.
Also being able to automate and update/add records to CF from the DNS server using Ubuntu and ddclient (BIND9 as DNS service).
Sorry, still new, and I tried to read docs of the API prior to asking (cron will be used to schedule automation).
Chaika, 2w ago
ahhh ok, yea won't be able to touch the SOA records, managed automagically by CF, can do the rest though
freeviruzdotorg (OP), 2w ago
Figures... This is why I don't like using AI lol.
Got any actual useful docs by any chance? (It's pretty damn obv I have no clue what I'm doing to be frank.)
Chaika, 2w ago
The new api docs are at https://developers.cloudflare.com/api-next/resources/dns/subresources/records/methods/batch/ which aren't perfect but better, some of the errors like invalid dns record are a bit eh
Chaika, 2w ago
dns records aren't too confusing I don't think though, it's hacky but ultimately everything in Cloudflare's dashboard/UI goes through the API with the same endpoints and bodies, so if you pop open dev tools and network tab while you create/look at dns records, you can see what it does
freeviruzdotorg (OP), 2w ago
Gotcha, much appreciated! I'll look tomorrow, I've dealt with ES, Logstash and LLM databases enough today lol, I'll take a look tomorrow.
FYI - as someone who tried configuring Cuckoo Sandbox for 9 months and failing, it's okay lol. I'm sure I'll figure it out with /var/logs if possible or my logs in Elasticsearch.
(Waiting for my domain to move from Squarespace to CF at the moment.)
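
Added example, not code from anyone in the thread: a guarded version of the update that Chaika's reply describes, which refuses to send the PUT when the record lookup came back empty (the case behind the misleading error 10000) and validates the IP from ipify first. `CF_API_TOKEN` and `CF_ZONE_ID` are environment variable names assumed here, and the 32-hex-character ID format is an assumption stated in the code.

```bash
#!/bin/bash
# Added example. CF_API_TOKEN and CF_ZONE_ID are assumed environment variable
# names, so the token (Zone - DNS - Edit) is not stored in the script file.
API="https://api.cloudflare.com/client/v4"

# Accept only dotted-quad IPv4 with octets 0-255 before sending it anywhere.
valid_ipv4() {
  local rest octet
  case $1 in ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;; esac
  case $1 in *.*.*.*) ;; *) return 1 ;; esac
  rest=$1.
  while [ -n "$rest" ]; do
    octet=${rest%%.*}; rest=${rest#*.}
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Assumption: zone and record IDs are 32 lowercase hex characters.
is_cf_id() {
  case $1 in *[!0-9a-f]*) return 1 ;; esac
  [ "${#1}" -eq 32 ]
}

# Build the record URL; fails on "" or the literal "null" that
# jq -r '.result[0].id' prints when the name lookup matched nothing.
record_url() {
  is_cf_id "$1" && is_cf_id "$2" || return 1
  printf '%s/zones/%s/dns_records/%s\n' "$API" "$1" "$2"
}

cf() { curl -sS -H "Authorization: Bearer $CF_API_TOKEN" \
            -H "Content-Type: application/json" "$@"; }

update_record() {  # usage: update_record host.example.com
  local name="$1" ip id url body
  ip=$(curl -sS https://api.ipify.org) && valid_ipv4 "$ip" ||
    { echo "unusable public IP: '$ip'" >&2; return 1; }
  id=$(cf "$API/zones/$CF_ZONE_ID/dns_records?type=A&name=$name" |
       jq -r '.result[0].id')
  url=$(record_url "$CF_ZONE_ID" "$id") ||
    { echo "no A record named '$name'; not sending a write" >&2; return 1; }
  [ "$(cf "$url" | jq -r '.result.content')" = "$ip" ] && return 0  # unchanged
  body=$(jq -n --arg n "$name" --arg ip "$ip" \
    '{type:"A", name:$n, content:$ip, ttl:120, proxied:false}')
  cf -X PUT "$url" --data "$body" | jq -e '.success' >/dev/null
}

# Runs only when given a record name (e.g. from cron); otherwise defines functions.
if [ -n "${1:-}" ]; then update_record "$1"; fi
```

From cron, export the two variables from a root-only file and pass the record name as the single argument; a non-zero exit means nothing was written.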