Netgate Discussion Forum

[SOLVED] Setting up Cloudflare Dynamic DNS without using Global API Key

  • G
    guardian Rebel Alliance
    last edited by guardian Dec 22, 2023, 7:38 AM Dec 21, 2023, 9:28 PM

    Has anyone got Cloudflare DDNS working without using a global API key that allows complete access to the Cloudflare account? My search seems to indicate that it is possible, but there is not enough detail for me to understand exactly what I need to do to get things working.

    I want subdomain.mydomain.com to point to my home IP address for road warrior VPN access. I currently have several subdomains on mydomain.com that are pointing to a number of different IP addresses.

    I set up subdomain.mydomain.com with a placeholder entry "1.1.1.1" which is supposed to be replaced when the DDNS is operational.

    I was also able to create a user API token with permissions Edit zone / DNS:Edit for the single domain mydomain.com

    I'm now stuck. Any guidance would be much appreciated.

    SOLUTION:
    After creating an A Record in Cloudflare for use by the DDNS, create a User API Token by selecting 'My Profile' / API Tokens
    and then select "Create Token"

    Under Zone Resources fill in the domain name to be used (mydomain.com)

    Once you have created and saved a copy of the API token, configure the pfSense dynamic DNS client as follows:

    1. Service type = Cloudflare
    2. Interface to monitor = WAN
    3. Hostname = subdomain to be used
    4. Domain = root domain to be used.
    5. Username = Blank / No Entry
    6. Password = API Token just created (paste a copy to both fields)
    7. TTL = Low value TTL
    8. Description = Optional Comment

    If somehow the token gets stolen, damage is limited to only changing the DNS records for the domain used by the DDNS. If a global key was stolen, the entire account could be hijacked.

    Hope this helps... no sense everybody wasting their time figuring it out.

    If you find my post useful, please give it a thumbs up!
    pfSense 2.7.2-RELEASE
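
The least-privilege setup from the SOLUTION above, as an added Python example that is not part of guardian's post or pfSense's own code: it refuses any token that can see more than the one DDNS zone, then updates the A record. It assumes the Cloudflare v4 endpoints `/zones` and `/zones/{id}/dns_records`, and that listing `/zones` with a scoped token returns only the zones granted to it; `cf_call`, `update_ddns` and `fake_api` are hypothetical names, and `fake_api` returns constructed responses so the logic runs offline.

```python
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4"

def cf_call(method, path, token, body=None):
    """Live transport: a scoped API token goes in a Bearer header."""
    req = urllib.request.Request(
        API + path, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def update_ddns(token, domain, host, ip, call=cf_call):
    """Refuse a token that sees more than `domain`, then update the A record."""
    zones = call("GET", "/zones", token)["result"]
    visible = sorted(z["name"] for z in zones)
    if visible != [domain]:  # least privilege: exactly one zone visible
        raise PermissionError(f"token sees {visible}, expected only {domain}")
    zone, fqdn = zones[0]["id"], f"{host}.{domain}"
    recs = call("GET", f"/zones/{zone}/dns_records?type=A&name={fqdn}", token)["result"]
    if len(recs) != 1:
        raise LookupError(f"expected one A record for {fqdn}, found {len(recs)}")
    rec = recs[0]
    if rec["content"] == ip:
        return "unchanged"
    call("PUT", f"/zones/{zone}/dns_records/{rec['id']}", token,
         {"type": "A", "name": fqdn, "content": ip,
          "ttl": rec["ttl"], "proxied": rec["proxied"]})
    return "updated"

def fake_api(zone_names, record_ip):
    """Constructed stand-in for the API so the logic runs offline."""
    sent = []
    def call(method, path, token, body=None):
        sent.append((method, path, body))
        if path == "/zones":
            return {"result": [{"id": f"z{i}", "name": n}
                               for i, n in enumerate(zone_names)]}
        if method == "GET":
            return {"result": [{"id": "r0", "content": record_ip,
                                "ttl": 120, "proxied": False}]}
        return {"success": True}
    return call, sent

if __name__ == "__main__":
    call, sent = fake_api(["mydomain.com"], "1.1.1.1")  # placeholder from the post
    print(update_ddns("TOKEN", "mydomain.com", "subdomain", "203.0.113.7", call))
```

Against the live API, call `update_ddns` without the `call` argument; a token created with broader zone resources is rejected before any record is touched.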

    • K
      kowi @guardian
      last edited by Oct 26, 2024, 10:10 PM

      @guardian

      Did you ever figure this out?
      I have the same problem.

      The global token works, but not when trying to use a user token.

      • J
        johnpoz LAYER 8 Global Moderator @kowi
        last edited by johnpoz Oct 27, 2024, 8:17 AM Oct 27, 2024, 8:14 AM

        @kowi he posted how he did right there..

        Under the SOLUTION: ;)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • L
          logan5247 @guardian
          last edited by Dec 12, 2024, 1:30 AM

          @guardian said in [SOLVED] Setting up Cloudflare Dynamic DNS without using Global API Key:

          Zone Resources fill in the domain name to be used (mydomain.co

          Thank you! I just needed to set this up and all the other tutorials say you need a global key!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.