<![CDATA[Cloudflare DNS with multiple WAN]]>I have setup a multi wan config with starlink (SL_WAN) without public IP for high throughput and my ADSL provider (P_WAN) for its ability to have a public dynamic IP. But the Cloudflare Dynamic DNS client who is setup to use the P_WAN interface, send my SL_WAN IP to update the records :(
I should probably note that the routers for SL_WAN and P_WAN are not in bridge mode.

]]>https://forum.netgate.com/topic/197354/cloudflare-dns-with-multiple-wanRSS for NodeSun, 14 Jun 2026 10:14:16 GMTSun, 04 May 2025 11:56:26 GMT60<![CDATA[Reply to Cloudflare DNS with multiple WAN on Tue, 06 May 2025 00:20:29 GMT]]>Oups the script was not complete :( Here an updated version :)

#!/var/www/cloudflare/venv/bin/python3
# -*- coding: utf-8 -*-

import requests
import json
import re
import os

# Cloudflare API settings
API_TOKEN = 'my_api_token'
ZONE_ID = 'my_zone_id'

# TTL constant (120 = "Auto" on Cloudflare)
AUTO = 120

# DNS records to update
RECORDS_TO_UPDATE = [
    {'name': 'domain.org', 'type': 'A', 'proxied': True, 'ttl': AUTO},
    {'name': '*.domain.org', 'type': 'A', 'proxied': True, 'ttl': AUTO},
    {'name': 'minecraft.domain.org', 'type': 'A', 'proxied': False, 'ttl': AUTO}
]

# API headers
HEADERS = {
    'Authorization': f'Bearer {API_TOKEN}',
    'Content-Type': 'application/json',
}

# File path to store last known IP
LAST_IP_FILE = os.path.join(os.path.dirname(__file__), 'last_ip.txt')


def get_public_ip():
    """Fetch current public IP from checkip.dyndns.org"""
    try:
        response = requests.get("http://checkip.dyndns.org/")
        ip = re.search(r"Current IP Address: ([\d.]+)", response.text).group(1)
        return ip
    except Exception as e:
        raise RuntimeError(f"Failed to detect public IP: {e}")


def load_last_ip():
    """Read the last saved public IP address"""
    try:
        with open(LAST_IP_FILE, 'r') as f:
            return f.read().strip()
    except FileNotFoundError:
        return None


def save_current_ip(ip):
    """Save the current public IP address"""
    with open(LAST_IP_FILE, 'w') as f:
        f.write(ip)


def get_all_dns_records():
    """Fetch all DNS records in the Cloudflare zone"""
    url = f'https://api.cloudflare.com/client/v4/zones/{ZONE_ID}/dns_records'
    response = requests.get(url, headers=HEADERS)

    if response.status_code != 200:
        raise RuntimeError(f"Failed to fetch DNS records: {response.text}")

    return response.json().get('result', [])


def update_dns_record(record_id, name, record_type, proxied, ttl, new_ip):
    """Update a DNS record on Cloudflare"""
    url = f'https://api.cloudflare.com/client/v4/zones/{ZONE_ID}/dns_records/{record_id}'
    payload = { 'type': record_type, 'name': name, 'content': new_ip, 'ttl': ttl, 'proxied': proxied }
    response = requests.put(url, headers=HEADERS, data=json.dumps(payload))

    if response.status_code == 200:
        print(f"βœ… Updated {name} to {new_ip}")
    else:
        raise RuntimeError(f"Failed to update {name}: {response.text}")


def main():
    # Output HTTP header (for CGI)
    print('Content-Type: text/plain; charset=utf-8\n')

    try:
        current_ip = get_public_ip()
        last_ip = load_last_ip()

        print(f"🌍 Current Public IP: {current_ip}")
        if current_ip == last_ip:
            print("⏸️  Public IP has not changed. Skipping update.")
            return

        all_records = get_all_dns_records()
        record_id_map = {(rec['name'], rec['type']): rec['id'] for rec in all_records}

        all_success = True

        for record in RECORDS_TO_UPDATE:
            key = (record['name'], record['type'])
            record_id = record_id_map.get(key)

            if not record_id:
                print(f"⚠️ No record ID found for {record['name']} ({record['type']})")
                all_success = False
                continue

            try:
                update_dns_record(record_id, record['name'], record['type'], record['proxied'], record['ttl'], current_ip)
            except Exception as e:
                print(f"❌ Failed to update {record['name']}: {e}")
                all_success = False

        if all_success:
            save_current_ip(current_ip)
            print("βœ… All records updated successfully. IP saved.")
        else:
            print("⚠️ Some updates failed. IP not saved to ensure retry next time.")

    except Exception as e:
        print(f"🚫 Script failed: {e}")


if __name__ == '__main__':
    main()
]]>https://forum.netgate.com/post/1214017https://forum.netgate.com/post/1214017Tue, 06 May 2025 00:20:29 GMT<![CDATA[Reply to Cloudflare DNS with multiple WAN on Sun, 04 May 2025 16:50:59 GMT]]>@Cabu Sounds like the bug listed at https://docs.netgate.com/pfsense/en/latest/releases/25-03.html#dynamic-dns ?

]]>https://forum.netgate.com/post/1213936https://forum.netgate.com/post/1213936Sun, 04 May 2025 16:50:59 GMT<![CDATA[Reply to Cloudflare DNS with multiple WAN on Sun, 04 May 2025 15:26:36 GMT]]>I worked around by using a custom dynamic dns client that run this script as a cgi from my webserver:

#!/var/www/cloudflare/venv/bin/python3
# -*- coding: utf-8 -*-

import requests
import json
import re

# Cloudflare API settings
API_TOKEN = 'my_api_token'
ZONE_ID = 'my_zone_id'

# TTL constant
AUTO = 120  # 120 = Auto

# DNS records to update
RECORDS_TO_UPDATE = [
    {'name': 'domain.org', 'type': 'A', 'proxied': True, 'ttl': AUTO},
    {'name': '*.domain.org', 'type': 'A', 'proxied': True, 'ttl': AUTO},
    {'name': 'minecraft.domain.org', 'type': 'A', 'proxied': False, 'ttl': AUTO}
]

# API headers
HEADERS = {
    'Authorization': f'Bearer {API_TOKEN}',
    'Content-Type': 'application/json',
}


def get_public_ip():
    """Fetch current public IP from checkip.dyndns.org"""
    try:
        response = requests.get("http://checkip.dyndns.org/")
        ip = re.search(r"Current IP Address: ([\d.]+)", response.text).group(1)
        return ip
    except Exception as e:
        raise RuntimeError(f"Failed to detect public IP: {e}")


def get_dns_record_id(record_name, record_type):
    """Retrieve DNS record ID from Cloudflare"""
    url = f'https://api.cloudflare.com/client/v4/zones/{ZONE_ID}/dns_records'
    params = {'type': record_type, 'name': record_name}
    response = requests.get(url, headers=HEADERS, params=params)

    if response.status_code != 200:
        raise RuntimeError(f"Failed to fetch DNS record: {response.text}")

    result = response.json().get('result', [])
    if not result:
        raise RuntimeError(f"No matching DNS record for {record_name} ({record_type})")

    return result[0]['id']


def update_dns_record(record_id, name, record_type, proxied, ttl, new_ip):
    """Update a specific DNS record"""
    url = f'https://api.cloudflare.com/client/v4/zones/{ZONE_ID}/dns_records/{record_id}'
    payload = {
        'type': record_type,
        'name': name,
        'content': new_ip,
        'ttl': ttl,
        'proxied': proxied
    }
    response = requests.put(url, headers=HEADERS, data=json.dumps(payload))

    if response.status_code == 200:
        print(f"βœ… Updated {name} to {new_ip}")
    else:
        print(f"❌ Failed to update {name}: {response.text}")

I also ensure that all requests to checkip.dyndns.org go through my P_WAN with a rule :)

]]>https://forum.netgate.com/post/1213934https://forum.netgate.com/post/1213934Sun, 04 May 2025 15:26:36 GMT