Synology Dynamic DNS with Cloudflare for both multidomains and subdomains

Documentation website: https://mrikirill.github.io/SynologyDDNSCloudflareMultidomain/

📢 Check out the new native version of this agent, written in Kotlin -> KTSynologyDDNSCloudflareMultidomain

Table of contents

• Features
• Before you begin
• How to install
• Troubleshooting and known issues
  • CloudFlare API free domains limitation
  • Connection test failed or error returned
  • Cloudflare no longer listed as a DDNS provider after a DSM update
• Default Cloudflare ports
• Debug script
• Support this project

Features

• Synology Integration: Adds Cloudflare support to Synology DSM and SRM Network Center > Dynamic DNS (DDNS).
• Comprehensive Domain Support: Supports single domains, multidomains, subdomains, and regional domains (e.g., dev.my.domain.com.au).
• Dual Stack: Autodetects and updates both IPv4 and IPv6 addresses.
• Easy Installation: Automated installation script via SSH or Task Scheduler.
• Modern API: Based on Cloudflare API v4 with optimized requests.
• Extended Capabilities: Supports up to 256 characters for hostnames.

Before you begin

Before starting the installation process, make sure you have (and know) the following information, or have completed these steps:

1. Cloudflare credentials:

   a. Know your Cloudflare account username (or register for an account if you're new to Cloudflare); and

   b. Have your API key - no need to use your Global API key! (More info: API keys).

   

   c. Create a API key with following (3) permissions:

   Zone > Zone.Settings > Read
   Zone > Zone > Read
   Zone > DNS > Edit

   The affected zone resources have to be (at least):

   Include > All zones from an account > <domain>

2. DNS settings:

   Ensure the DNS A record(s) for the domain/zone(s) you wish to update with this script have been created (More information: Managing DNS records).

   Case for if IPv6 is available (check via https://api6.ipify.org), you can create an AAAA record for the domain/zone(s) you wish to update with this script.

   Your DNS records should appear (or already be setup as follows) in Cloudflare:

   (Note: Having Proxied turned on for your A records isn't necessary, but it will prevent those snooping around from easily finding out your current IP address)

   

3. SSH access to your Synology device:

If you haven't setup this access, see the following Synology Knowledge Base article: How can I sign in to DSM/SRM with root privilege via SSH?

4. SRM users: Knowledge of vi:

vi is the only text editor available within the Busybox environment available at the SSH command line on devices running SRM.

For assistance with vi commands, see: Basic vi commands

How to install

Method 1: via Task Scheduler (Recommended - No SSH required)

1. Open Control Panel > Task Scheduler.
2. Click Create > Scheduled Task > User-defined script.
3. In the General tab:
   • Task: Install Cloudflare DDNS
   • User: root (Important!)
   • Uncheck "Enabled" (we only need to run this once).
4. In the Task Settings tab:
   • Run command:

     wget https://raw.githubusercontent.com/mrikirill/SynologyDDNSCloudflareMultidomain/master/install.sh -O /tmp/install.sh && bash /tmp/install.sh

5. Click OK.
6. Select the newly created task and click Run.
7. Once the task has finished (you can check via Action > View Result), you can delete the task.

Method 2: via SSH

1. SSH with root privileges on your supported device:

   a. For DSM Users:

   Navigate to Control Panel > Terminal & SNMP > Enable SSH service

   b. For SRM users:

   Navigate to Control Panel > Services > System Services > Terminal > Enable SSH service

   

2. Connect via SSH: Connect to your supported device via SSH and execute command

• 🆕 For DSM Users

  wget https://raw.githubusercontent.com/mrikirill/SynologyDDNSCloudflareMultidomain/master/install.sh -O install.sh && sudo bash install.sh
  

• 🆕 For SRM Users Note: Ensure you are connected as root in your SSH session

  wget https://raw.githubusercontent.com/mrikirill/SynologyDDNSCloudflareMultidomain/master/install.sh -O install.sh && sudo bash install.sh
  

  Note: For SRM users, you must connect to your device as root. No other username will allow these commands to run. Don't forget to deactivate SSH (step 1) if you don't need it. Leaving it active can be a security risk.

Configure DDNS (Required for both methods)

Update your DDNS settings:

 a. *For DSM Users:* Navigate to __Control Panel > External Access > DDNS__ then add new DDNS
 
 b. *For SRM users:* Navigate to __Network Centre > Internet > QuickConnect & DDNS > DDNS__ and press the Add button:

Add/Update the DDNS settings screen as follows:

* Service provider: Select Cloudflare
* 🆕Hostname: this field is not used anymore, you can put any value here
* Username:

For a single domain: mydomain.com For multiple domains: subdomain.mydomain.com|vpn.mydomain.com 🆕(ensure each domain is separated: |)🆕

    __Note: there is a 256-character limit on Hostname input__
* Password: Your created Cloudflare API Key

![image](https://github.com/mrikirill/SynologyDDNSCloudflareMultidomain/blob/master/docs/example3.png)

Finally, press the test connection button to confirm all information is correctly entered, before pressing Ok to save and confirm your details.

4. You're done! Optional, if you're happy with this script you could buy me ☕ or 🍺 here ->

Troubleshooting and known issues

Cloudflare API free domains limitation

Cloudflare API doesn't support domains with a .cf, .ga, .gq, .ml, or .tk TLD (top-level domain)

For more details read here: #28 and https://community.cloudflare.com/t/unable-to-update-ddns-using-api-for-some-tlds/167228/61

Response example:

{
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 1038,
      "message": "You cannot use this API for domains with a .cf, .ga, .gq, .ml, or .tk TLD (top-level domain). To configure the DNS settings for this domain, use the Cloudflare Dashboard."
    }
  ],
  "messages": []
}

Connection test failed or error returned

This will manifest as either 1020 error; or the update attempt not showing in your Cloudflare Audit logs.

That generally means you may not have entered something correctly in the DDNS screen for your domain(s).

Revisit Before you begin to ensure you have all the right information, then go back to Step 4 in How to install to make sure everything is correctly entered.

Handy hint: You can also check your Cloudflare Audit logs to see what - if anything - has made it there with your API key (More information: Understanding Cloudflare Audit Logs). Updates using the API will appear in the Audit logs as a Rec Set action.

Cloudflare no longer listed as a DDNS provider after DSM or SRM updates

After system updates to either Synology DSM or SRM, you may find that:

• /usr/syno/bin/ddns/cloudflare.php has been deleted;
• /etc.defaults/ddns_provider.conf was reset to its default settings (settings for Cloudflare no longer included); and
• The DDNS settings in your DDNS panel constantly show Cloudflare's status as loading.

If this occurs, simply repeat the How to install steps shown above.

Default Cloudflare ports

Source Identifying network ports compatible with Cloudflare's proxy

HTTP ports supported by Cloudflare	HTTPS ports supported by Cloudflare
80	443
8080	2053
8880	2083
2052	2087
2082	2096
2086	8443
2095

Debug

You can run this script directly to see output logs

• SSH into your Synology system

• Run this command:

/usr/bin/php -d open_basedir=/usr/syno/bin/ddns -f /usr/syno/bin/ddns/cloudflare.php "domain1.com|vpn.domain2.com" "your-Cloudflare-token" "" "your-ip-address"

• Check output logs

Credits

MKDoc - generate documentation

Support this project

If you find this project helpful, please support it here