|
| 1 | +# IPv6 DDNS Updater |
| 2 | + |
| 3 | +This utility discovers the IPv6 addresses of specific hosts in your network and updates DNS records dynamically. [Details](#what-does-this-do) |
| 4 | + |
| 5 | +## Installation |
| 6 | + |
| 7 | +Download the [latest release](https://github.com/miguelangel-nubla/ipv6ddns/releases/latest) for your architecture. |
| 8 | + |
| 9 | +### Or build from source |
| 10 | + |
| 11 | +Ensure you have Go installed on your system. If not, follow the instructions on the official [Go website](https://golang.org/doc/install) to install it. Then: |
| 12 | +``` |
| 13 | +go install github.com/miguelangel-nubla/ipv6ddns |
| 14 | +``` |
| 15 | + |
| 16 | +## Usage |
| 17 | + |
| 18 | +Adjust the configuration on config.json and run the binary with the desired flags: |
| 19 | +``` |
| 20 | +./ipv6ddns [flags] |
| 21 | +``` |
| 22 | + |
| 23 | +### Flags |
| 24 | + |
| 25 | +- `-config_file` (default "config.json"): Config file to use |
| 26 | +- `-log_level` (default "info"): Set the logging level (debug, info, warn, error, fatal, panic) |
| 27 | +- `-storm_delay` (default "60s"): Time to allow finishing storm of host discoveries before updating the DDNS record |
| 28 | +- `-ttl` (default "4h"): Time to keep a discovered host entry in the table after it has been last seen. This is not the TTL of the DDNS record |
| 29 | +- `-live` (default false): Show the current state live on the terminal |
| 30 | + |
| 31 | +This utility needs to be executed as a superuser to be able to listen on the required ports. |
| 32 | + |
| 33 | +Depending on your IPv6 network configuration, you will need to allow outside access to the hosts you want to expose. |
| 34 | +On Mikrotik devices it is particularly easy, you just need to add an address list with your domain, the IPv6 addresses to which it points to will be automatically resolved, and then you can simply create a new forwarding rule on the firewall that allows forwarding to hosts in that destination address list. |
| 35 | +The alternative on more limited systems is to either specify subnets or simply allow by destination MAC address. |
| 36 | + |
| 37 | +## Configuration |
| 38 | + |
| 39 | +This is the structure of the `config.json` file: |
| 40 | + |
| 41 | +``` |
| 42 | +{ |
| 43 | + "tasks": { |
| 44 | + "load_balancer_for_web_app": { // whichever name you like for this task |
| 45 | + "subnets": ["2000::/3"], // only IPv6 addresses on these subnets will be updated. "2000::/3" is any GUA. |
| 46 | + "mac_address": ["00:11:22:33:44:55", "00:11:22:33:44:56"], // MAC addresses of the hosts to look for |
| 47 | + "endpoints": { |
| 48 | + "example-project": [ // name of the endpoint to use for this task, as configured on the credentials section at the bottom |
| 49 | + "test-webapp.example.com" // domain name whose AAAA records will be kept in sync |
| 50 | + ] |
| 51 | + } |
| 52 | + } |
| 53 | + // ... |
| 54 | + // more task configurations if needed |
| 55 | + // ... |
| 56 | + }, |
| 57 | + "credentials": { |
| 58 | + "example-project": { // name you will use to refer to this endpoint on the tasks |
| 59 | + "provider": "cloudflare", // one of the supported providers |
| 60 | + "settings": { // provider specific configuration |
| 61 | + "email": "email@example.com", |
| 62 | + "api_token": "CLOUDFLARETOKEN", |
| 63 | + "zone_name": "example.com", |
| 64 | + "ttl": "1h", // if proxied over cloudflare this will have no effect |
| 65 | + "proxied": true |
| 66 | + } |
| 67 | + } |
| 68 | + // ... |
| 69 | + // more credentials if needed |
| 70 | + // ... |
| 71 | + } |
| 72 | +} |
| 73 | +``` |
| 74 | + |
| 75 | +## DDNS providers |
| 76 | + |
| 77 | +The available DDNS providers are: |
| 78 | + |
| 79 | +- Cloudflare |
| 80 | +- Duckdns (provider only allows a single AAAA record) |
| 81 | + |
| 82 | +- :rocket: **Adding your preferred provider is easy**: |
| 83 | + - Take a provider from `ddns/` such as cloudflare.go as a template. |
| 84 | + - Replace every reference to cloudflare with the new provider. This is case-sensitive. |
| 85 | + - Replace the API calls with the ones your provider need. |
| 86 | + - Test. |
| 87 | + - Create a PR! |
| 88 | + |
| 89 | +--- |
| 90 | + |
| 91 | +# What does this do? |
| 92 | + |
| 93 | +## The problem |
| 94 | +Having a domain name `my-web.example.com` point to your application on an IPv6 network is both simpler and more challenging than doing it with regular IPv4. |
| 95 | + |
| 96 | +The classic method of directing traffic to your public IP address (i.e., your router) and then using NAT is no longer a good idea, nor necessary. |
| 97 | + |
| 98 | +IPv6 addresses are globally routable, which is nice, but you will need to know the exact IP, as different machines or even containers on the same host (and even different applications) will have different "public" IPs, or GUAs in IPv6 terminology. |
| 99 | + |
| 100 | +In this scenario DNS names become almost mandatory, good luck trying to remember and type a different `https://[2001:0db8:85a3:0000:8a2e:0370:7334:abcd]` to access each one of your hosts. |
| 101 | + |
| 102 | +Technically, IPv6 addresses could be static, but part of the beauty of IPv6 is the ability to use and rotate multiple different IP addresses on demand. Even if you don't want to, some ISPs change your IPv6 prefix on router reboot or periodically. |
| 103 | + |
| 104 | +## Rationale |
| 105 | +You might be thinking well, I will just run a DDNS updater on my server? It turns out that may not be really an option, remember each application has its own, *dynamic* IPv6? How do you indicate which IP should the DNS record point to? Does that mean the way to do that is to run the updater on the same container as your web server? |
| 106 | + |
| 107 | +Unfortunately yes. That is not a great idea. Aside from the inconvenience of forking and using your own container images, there will be systems that you will not be able to modify. Think about a device on your network that has no way of running a custom executable, like an appliance, or an IP camera. |
| 108 | + |
| 109 | +Wouldn't it be nice to have a utility anywhere on your network that detects the IPv6 of your desired hosts, identifies when they change, and updates the relevant DNS records accordingly? |
| 110 | + |
| 111 | +## The solution |
| 112 | +This utility scans the network for the IPv6s of the hosts you want to expose, identified by their MAC address, and updates the corresponding DNS records automatically. This works for _all your network_, having the configuration and your credentials in a single place. |
| 113 | + |
| 114 | +--- |
| 115 | + |
| 116 | +# Other nice usages |
| 117 | + |
| 118 | +### Roaming over multiple IPv6 networks |
| 119 | +This utility allows you to move between IPv6 networks and to maintain inbound connectivity. |
| 120 | +You can have as many IPv6 addresses from different ISPs as you like and the AAAA records for your domain will be kept in sync. |
| 121 | + |
| 122 | +For example, you can have a fiber connection, a backup LTE connection, and Starlink on your roof. Your domain will have AAAA records for every WAN connection, inbound WAN failover will simply work. |
0 commit comments