Last active
September 11, 2024 11:18
-
-
Save ChrisG661/ec88d2b277667a1cda0df70244c314c8 to your computer and use it in GitHub Desktop.
Mikrotik RouterOS Cloudflare Dynamic DNS Script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Cloudflare Dynamic DNS update script | |
# Required policy: read, write, test, policy | |
# Add this script to scheduler | |
# Install DigiCert root CA or disable check-certificate | |
# Configuration --------------------------------------------------------------------- | |
:local TOKEN "__APITOKEN__" | |
:local ZONEID "__ZONEIDENTIFIER__" | |
:local RECORDID "__RECORDIDENTIFIER__" | |
:local RECORDNAME "__DNSRECORD__" | |
:local WANIF "__WANINTERFACE__" | |
#------------------------------------------------------------------------------------ | |
:global IP4NEW | |
:global IP4CUR | |
:local url "https://api.cloudflare.com/client/v4/zones/$ZONEID/dns_records/$RECORDID/" | |
:if ([/interface get $WANIF value-name=running]) do={ | |
# Get the current public IP | |
:local requestip [tool fetch url="https://ipv4.icanhazip.com" mode=https check-certificate=yes output=user as-value] | |
:set IP4NEW [:pick ($requestip->"data") 0 ([:len ($requestip->"data")]-1)] | |
# Check if IP has changed | |
:if ($IP4NEW != $IP4CUR) do={ | |
:log info "CF-DDNS: Public IP changed to $IP4NEW, updating" | |
:local cfapi [/tool fetch http-method=put mode=https url=$url check-certificate=yes output=user as-value \ | |
http-header-field="Authorization: Bearer $TOKEN,Content-Type: application/json" \ | |
http-data="{\"type\":\"A\",\"name\":\"$RECORDNAME\",\"content\":\"$IP4NEW\",\"ttl\":120,\"proxied\":false}"] | |
:set IP4CUR $IP4NEW | |
:log info "CF-DDNS: Host $RECORDNAME updated with IP $IP4CUR" | |
} else={ | |
:log info "CF-DDNS: Previous IP $IP4NEW not changed, quitting" | |
} | |
} else={ | |
:log info "CF-DDNS: $WANIF is not currently running, quitting" | |
} |
Hello @lingfeng0303, the certificate currently used by the API should be Baltimore Cybertrust Root. You can download it here https://www.digicert.com/kb/digicert-root-certificates.htm
Thanks, but I want to know how to write the IPv6 DDNS. :)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
这个root CA要从哪里下载的?