Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] Setting up Cloudflare Dynamic DNS without using Global API Key

    Scheduled Pinned Locked Moved
    DHCP and DNS
    4
    4
    1.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      guardian Rebel Alliance
      last edited by guardian

      Has anyone got Cloudflare DDNS working without using a global API key that allows complete access to the Cloudflare account. My search seems to indicate that it is possible, but there is not enough detail for me to understand exactly what I need to do to get things working.

      I want subdomain.mydomain.com to point to my home IP address for road warrior VPN access. I currently have several subdomains on mydomain.com that are pointing to a number of different IP addresses.

      I setup subdomain.mydomain.com with a placeholder entry "1.1.1.1" which is supposed to be replaced when the DDNS is operational.

      I was also able to create a user API token with permissions Edit zone / DNS:Edit for the single domain mydomain.com

      I'm now stuck. Any guidance would be much appreciated.

      SOLUTION:
      After creating an A Record in Cloudflare for use by the DDNS, create a User API Token by selecting 'My Profile' / API Tokens
      ed606820-a098-46ba-85ee-9158c9b566fb-image.png
      and then select "Create Token"

      Under Zone Resources fill in the domain name to be used (mydomain.com)
      cacb8259-dbdc-4f4f-9f12-6d919ebb5605-image.png

      Once you have created and saved a copy of the API token, configure the pfSense dynamic DNS client as follows:

      1. Servoce type = Cloudflare
      2. Omterface to monitor = WAN
      3. Hostname = subdomain t be used
      4. Domain = root domain to be used.
      5. Username = Blank / No Entry
      6. Password = API Token just created (paste a copy to both fields)
      7. TTL = Low value TTL
      8. Description = Optional Comment

      If somehow the token gets stolen, damage is limited to only changing the DNS records for the domain used by the DDNS. If a global key was stolen, the entire account could be hijacked.

      Hope this helps... no sense everybody wasting their time figuring it out;.

      If you find my post useful, please give it a thumbs up!
      pfSense 2.7.2-RELEASE

      K L 2 Replies Last reply Reply Quote 3
      • K
        kowi @guardian
        last edited by

        @guardian

        Did you ever figure this out?
        I have the same problem.

        The global token works, but not when trying to use a user token.

        johnpozJ 1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @kowi
          last edited by johnpoz

          @kowi he posted how he did right there..

          Under the SOLUTION: ;)

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.03

          1 Reply Last reply Reply Quote 1
          • L
            logan5247 @guardian
            last edited by

            @guardian said in [SOLVED] Setting up Cloudflare Dynamic DNS without using Global API Key:

            Zone Resources fill in the domain name to be used (mydomain.co

            Thank you! I just needed to set this up and all the other tutorials say you need a global key!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post