Configure Mikrotik with Cloudflare DDNS

Configure your MikroTik to use the Cloudflare DDNS service. This is a powerful tool for people who own a homelab.

Last year I published a guide to configuring our Mikrotik with the OVH DDNS service; you can read the post at the following link: Configure Mikrotik with OVH DynDNS. A few days ago I migrated my DNS zone from OVH to Cloudflare, and as you guessed, I needed to change the DDNS from OVH to Cloudflare inside the Mikrotik script.

If you don’t know what DDNS is, it is a basic service where a local script or program checks when your public IP address changes and updates the DNS record associated with it. This service is used by lots of people who have a homelab and are not given a static IP address by their ISP.

What I need

First of all, we need some information from Cloudflare to use this script on your Mikrotik:

  1. DNS Zone in Cloudflare
  2. Subdomain that we use to set the IP
  3. API Token to configure the script
  4. Script ddns_cloudflare for your Mikrotik

  • After you create the DNS zone in Cloudflare and point the NS of your domain to it, create your custom subdomain in your zone, like “private.mydomain.com” or something like that
  • To create your API token, refer to this article from the Cloudflare docs
  • Download the ddns_cloudflare script

Gathering details for the script

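The script needs some local variables to work properly. You need the zoneID, dnsRecordID, apiToken, email and subdomain of the DNS record, and also the Mikrotik interface to which your public IP address is assigned. The request below lists the DNS records of the zone (replace zone_identifier with your zoneID), which is where the dnsRecordID comes from.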

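# Replace zone_identifier with your zoneID and YOUR_API_TOKEN with your API token
curl --request GET \
  --url https://api.cloudflare.com/client/v4/zones/zone_identifier/dns_records \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_API_TOKEN'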

On the router, check which interface is your WAN interface. You can see that in the /ip address section.
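
An added example (not part of the original post or of the ddns_cloudflare script): picking the dnsRecordID out of the JSON that the request above returns, and checking that the address shown on the WAN interface is worth publishing. The response shape follows Cloudflare's v4 API; the record ids, hostnames and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import json

# Ranges that should never be published as the "public" address:
# RFC 1918 private space and RFC 6598 carrier-grade NAT space.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def find_record(response_text, hostname, rtype="A"):
    """Return the single DNS record for hostname from a dns_records listing."""
    body = json.loads(response_text)
    if not body.get("success"):
        raise RuntimeError(f"Cloudflare API error: {body.get('errors')}")
    matches = [r for r in body["result"]
               if r["name"].lower() == hostname.lower() and r["type"] == rtype]
    if len(matches) != 1:
        raise LookupError(f"expected 1 {rtype} record for {hostname}, found {len(matches)}")
    return matches[0]


def wan_address(routeros_address):
    """Strip the prefix length RouterOS shows (a.b.c.d/nn); reject non-public space."""
    ip = ipaddress.ip_interface(routeros_address).ip
    if any(ip in net for net in NON_PUBLIC):
        raise ValueError(f"{ip} is not publicly routable (private or CGNAT)")
    return str(ip)


def needs_update(record, routeros_address):
    """True when the record content differs from the router's current WAN address."""
    return record["content"] != wan_address(routeros_address)


# Constructed sample response (documentation-range IPs, made-up record ids).
SAMPLE = json.dumps({
    "success": True, "errors": [], "messages": [],
    "result": [
        {"id": "rec-0001-example", "type": "A", "name": "mydomain.com",
         "content": "203.0.113.10", "proxied": True, "ttl": 1},
        {"id": "rec-0002-example", "type": "A", "name": "private.mydomain.com",
         "content": "203.0.113.7", "proxied": False, "ttl": 120},
    ],
})

if __name__ == "__main__":
    rec = find_record(SAMPLE, "private.mydomain.com")
    print("dnsRecordID:", rec["id"])
    print("update needed:", needs_update(rec, "203.0.113.99/24"))
```

If the WAN interface holds a private or CGNAT address, the router is behind another NAT and the interface address is not the one the outside world sees.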

Configure the script

In the script, the variables are defined with :local statements, which is where you need to put the information:

:local cfzoneid ""; # Cloudflare Zone ID
:local cfdnsrecordid ""; # Cloudflare DNS Record ID
:local cftoken ""; # Cloudflare API Token
:local cfemail ""; # Cloudflare email user
:local cfdnshost ""; # Cloudflare subdomain

:local publicinterface ""; # Mikrotik Public interface

Just fill the space between the double quotes of each variable with the values you got in the previous step.

Setting up the DynDNS client script

Now go to your Mikrotik’s web interface and browse to the System -> Scripts menu, click on Add new, and fill in the form fields as follows:

- Name: ddns_cloudflare
- Policy: read, write, test

Now you can test the script by applying and clicking on Run Script. If everything is correct, you will see on your Cloudflare dashboard that the DNS record has been automatically updated with the public IP address. You might also like to use CLI utilities such as dig or drill to check it. That’s up to you :)

Scheduling the DDNS script

Now here’s the thing. We have everything set up, verified that it runs as intended, and everything is ready. But at this point, if you don’t click on the “Run script” button, the script won’t trigger itself. Fortunately, that is quite simple to fix: just configure a Scheduler to run this script at a given interval (say 10 minutes).

To achieve this, from your Mikrotik’s web UI, go to the System -> Scheduler menu, click on Add new, and fill in each field with the following details:

- Name: ddns_cloudflare
- Interval: 00:10:00
- Policy: read, write, test
- On event: /system script run ddns_cloudflare

If you prefer setting this up through the CLI, just run the following command:

/system scheduler
add interval=10m name=ddns_cloudflare on-event="/system script run ddns_cloudflare" policy=read,write,test start-time=startup

Remember that you can change the interval to fit your own needs.

With that, we can say we’re done! You have configured the Cloudflare DDNS on your Mikrotik, and now you can connect remotely to your home network by pointing your VPN configuration to your very own, automatically updated domain record.

See you next time, don’t forget to share & leave a comment!