Configuring DuckDNS dynamic DNS on the Ubiquiti USG

DK — Wed, 10 Jun 2020 17:42:45 +0000

I have a remote USG deployed at a relative’s house and need to have a way to access the UniFi Security Gateway’s WAN IP if the ISP changes it.

Steps to implement

Create a user account on www.duckdns.org. This will generate a new user token. Save this as you will need it later and don’t share this.
Create a subdomain on www.duckdns.org
Go to your UniFi controller and set up a config.gateway.json file, instructions here.
Add the below configuration to this file. Replace SUBDOMAIN with just the subdomain of your duckdns site and replace TOKEN from your account token.
Go to your UniFi Controller and reprovision your USG. Your dynamic DNS should now be working

{
  "service": {
    "dns": {
      "dynamic": {
        "interface": {
          "eth0": {
            "service": {
              "dyndns": {
                "host-name": [
                  "SUBDOMAIN"
                ],
                "login": "nouser",
                "password": "TOKEN",
                "server": "www.duckdns.org"
              }
            },
            "web": "dyndns"
          }
        }
      }
    }
  }
}

Check to make sure it works

To check and confirm the USG is updating the DNS correctly, you can SSH into the USG and run show dns dynamic status.

show dns dynamic status
interface    : eth0
ip address   : 123.123.123.123
host-name    : SUBDOMAIN
last update  : Wed Jun 10 12:08:20 2020
update-status: good

You can also force an update by running update dns dynamic interface eth0

Cloudflare DDNS configuration for Unifi USG

DK — Fri, 31 May 2019 21:36:17 +0000

I’ve recently made the switch to using Cloudflare as my DDNS provider. Unfortunately, Ubiquiti has not done a good job of expanding and updating its DDNS providers in the Unifi Controller.

Update USG ddclient

The USG firmware is using an older version of the ddclient which is no longer supported by cloudflare. So, in order to get it to connect, you need to upgrade to the newer version. Luckily, @troyfontaine has done all the heavy lifting and shared it with the world. Go buy him a beer. You can perform the individual steps as shown in the script or execute the thing with curl.

#!/bin/bash
# Run this script as sudo

# Specify the repo and the location of the apt sources list
DEB_REPO="deb http://archive.debian.org/debian/ wheezy main # wheezy #"
APT_SRC="/etc/apt/sources.list"

# Add deb repo to sources list if it isn't there
grep -q -F "$DEB_REPO" "$APT_SRC" || echo "$DEB_REPO" >> "$APT_SRC"

# Run Apt update
apt-get update; apt-get -y install libdata-validate-ip-perl

# Download new ddclient and replace the existing version
cd /tmp
curl -L -O https://raw.githubusercontent.com/ddclient/ddclient/master/ddclient
cp /usr/sbin/ddclient /usr/sbin/ddclient.bkp
cp ddclient /usr/sbin/ddclient
chmod +x /usr/sbin/ddclient

# Tell the USG to update configuration and then display the status
# Run the following manually to update your DDNS record:
# update dns dynamic interface eth2 && sleep 20 && show dns dynamic status

curl https://gist.githubusercontent.com/troyfontaine/7e6f93e32621177fc9a94e823adc52b5/raw/fix_ddns.sh | sudo bash

Testing the configuration

Before permanently making this configuration, I wanted to test my settings. Below are the configuration commands used to enable this by SSH’ing into your USG. The zone should match the zone name in CF and the password is the API Zone ID that’s listed on the overview page.

set service dns dynamic interface eth2 service cloudflare host-name khaz.me
set service dns dynamic interface eth2 service cloudflare login my@email.com
set service dns dynamic interface eth2 service cloudflare options zone=khaz.me
set service dns dynamic interface eth2 service cloudflare password 4jdGtFnlBwuneXmv6mdvc2nbhm4DZLYY
set service dns dynamic interface eth2 service cloudflare protocol cloudflare
set service dns dynamic interface eth2 service cloudflare server api.cloudflare.com/client/v4
set service dns dynamic interface eth2 web dyndns

If you are unfamiliar how to do this, you can learn more from Ubiquiti’s instructions for EdgeRouters which use the same tools. I like to use the commit-confirm 5 option in case I’ve messed up any entries through the CLI. Keep in mind, this configuration will not survive re-provisioning of the USG from the controller as the controller does not have these settings.

poldim@USGPro:~$ update dns dynamic interface eth2 && sleep 20 && show dns dynamic status
interface    : eth2
ip address   : 66.119.21.125
host-name    : khaz.me
last update  : Fri May 31 13:40:04 2019
update-status: good

Permanent Configuration

After having my settings on for a week, I decided to configure these settings. You will need to follow the USG Advanced Configuration process as outlined by Ubiquiti.

{
  "service": {
    "dns": {
      "dynamic": {
        "interface": {
          "eth2": {
            "service": {
              "cloudflare": {
                "host-name": [
                  "khaz.me"
                ],
                "login": "my@email.com",
                "options": [
                  "zone=khaz.me"
                ],
                "password": "4jdGtFnlBwuneXmv6mdvc2nbhm4DZLYY",
                "protocol": "cloudflare",
                "server": "api.cloudflare.com/client/v4"
              }
            },
            "web": "dyndns"
          }
        }
      }
    }
  }
}

Networking – D Khaz

Configuring DuckDNS dynamic DNS on the Ubiquiti USG

Steps to implement

Check to make sure it works

Cloudflare DDNS configuration for Unifi USG