DuckDNS Update Script (free DynDNS alternative)

NevOZ · April 18, 2014, 12:10am

Hello All,

As many of you know, DynDNS will cease to have free dynamic DNS services within a month’s time.

As a result, I will be using one of the alternative free services instead - DuckDNS ( https://duckdns.org/ ) , and thought I’d share my script.

This script runs differently to almost all other Mikrotik dynamic DNS update scripts I have found on the Net. The usual method is to have the script run at intervals. Whereas my script runs all the time, monitors the WAN connection, and detects if the IP address changes. Not saying this is a better way, it is just the way I have done it.
So therefore, when setting it up in the Mikrotik scheduler, set it to run at startup only.

All you need to change in the script below is the “exampledomain” and the token.

Hope it’s handy for someone.

Nev

/ interface pppoe-client {
:global ExternalIP
:local clientip
:local clientstatus
:while (1 < 2) do={
monitor pppoe-out1 once do={:set clientip $“local-address”; :set clientstatus $status}
:if ($clientstatus=“connected” and $ExternalIP!=$clientip) do={
:delay 1
:log info “UpdateDuckDNS: IP change detected - $ExternalIP to $clientip. Updating Duck DNS.”
/tool fetch mode=https url=“https://www.duckdns.org/update?domains=exampledomain&token=a7c4d0ad-114e-40ef-ba1d-d217904a50f2&ip=$clientip” dst-path=duckdns.txt;
:delay 1
:local result [/file get duckdns.txt contents]
:log info “UpdateDuckDNS: Duck DNS update result: $result”;
:set ExternalIP $clientip
}
:delay 5
}
}

rextended · April 18, 2014, 3:15am

LogMeIn & DynDNS : two example of business.

Do not help anyone to make and grow free service, when you have debugged “all the problem” and the program is near vital to you, the program end Free support, on 30 days… or 7 days only…

Very ransom example…

There are also many service like this two on the years…

Do not base your works on free product,
not be blind on Open source project. Not all bug discovered, because free code, are reported…

NevOZ · April 18, 2014, 4:16am

7 days I agree is too soon to allow users to transition, but if the service is “vital”, then it is probably worth paying for. Just remember that what they are providing does cost them money.

rextended · April 18, 2014, 7:46am

Yes, ok, cost money, but is no reasonable only 7 days for migration of 40 machine.
This is a ransom…

NevOZ · April 18, 2014, 11:44pm

40 machines? If you are saying there are 40 different hostnames then you are violating the DynDNS free account terms anyway. You are only permitted to have 1 free account, and each account only allows 1 or 2 hostnames I believe.

rextended · April 19, 2014, 7:08am

I’m talk about LogMeIn, not DynDNS.

THG · April 20, 2014, 7:20pm

This script will only work with a PPPoE connection. If you have the energy, please make a script that works with ethernet.

Thanks

NevOZ · April 20, 2014, 10:20pm

I haven’t tested this as I don’t run a direct WAN connection, but you could try:

removing lines 1,3 and 4
change line 6 to :

:local clientip [/ip address get [find interface=“ether2-master-local”] address]

(obviously change “ether2-master-local” to appropriate interface)

change line 7 to:

:if ($ExternalIP!=$clientip) do={

.. see how you go.

rextended · April 21, 2014, 12:43am

How to…

On the follow sript replace MATRIX with ethernet interface or bridge (probably obtaining IP by DHCP client) you want to use as source IP for DuckDNS.

Obtain the ip of ethernet interface, the second instruction remove /xx if present:

:global actualIP value=[/ip address get [find where interface=MATRIX] value-name=address];
:global actualIP value=[:pick $actualIP -1 [:find $actualIP "/" -1] ];

Read if the previous IP is different from the actual. IT ALSO REMEMBER THE IP BETWEEN REBOOTS.
First part check for file existance, the last line set previousIP variables. The delay are inserted to do time to system to write the file.

:if ([:len [/file find where name=ipstore.txt]] < 1 ) do={
 /file print file=ipstore.txt where name=ipstore.txt;
 /delay delay-time=2;
 /file set ipstore.txt contents="0.0.0.0";
};
:global previousIP value=[/file get [find where name=ipstore.txt ] value-name=contents];

If previous IP are different to new, update DuckDNS, and save permanently new value on files to mantain the info througt reboot:

:if ($previousIP != $actualIP) do={
 /tool fetch mode=https keep-result=yes dst-path=duckdns-result.txt address=[:resolve www.duckdns.org] port=443 host=www.duckdns.org src-path=("/update?domains=ww.matrix.it&token=65843E27-A491-429F-84A0-30A947E20F92&ip=".$actualIP);
 /delay delay-time=5;
 :global lastChange value=[/file get [find where name=duckdns-result.txt ] value-name=contents];
 :global previousIP value=$actualIP;
 /file set ipstore.txt contents=$actualIP;
};

REMEMBER TO ADD \ BEFORE ? (on “/update?doma…”) IF YOU WANT TRY IT ON TERMINAL.
DO NOT PUT \ BEFORE ? INSIDE A SCRIPT.

The logging facility is added in complete version.

This is the complete script, without the interruption to explain what’s happen:

:global actualIP value=[/ip address get [find where interface=MATRIX] value-name=address];
:global actualIP value=[:pick $actualIP -1 [:find $actualIP "/" -1] ];
:if ([:len [/file find where name=ipstore.txt]] < 1 ) do={
 /file print file=ipstore.txt where name=ipstore.txt;
 /delay delay-time=2;
 /file set ipstore.txt contents="0.0.0.0";
};
:global previousIP value=[/file get [find where name=ipstore.txt ] value-name=contents];
:if ($previousIP != $actualIP) do={
 :log info message=("Try to Update DuckDNS with actual IP ".$actualIP." -  Previous IP are ".$previousIP);
 /tool fetch mode=https keep-result=yes dst-path=duckdns-result.txt address=[:resolve www.duckdns.org] port=443 host=www.duckdns.org src-path=("/update?domains=ww.matrix.it&token=65843E27-A491-429F-84A0-30A947E20F92&ip=".$actualIP);
 /delay delay-time=5;
 :global lastChange value=[/file get [find where name=duckdns-result.txt ] value-name=contents];
 :global previousIP value=$actualIP;
 /file set ipstore.txt contents=$actualIP;
 :if ($lastChange = "OK") do={:log warning message=("DuckDNS update successfull with IP ".$actualIP);};
 :if ($lastChange = "KO") do={:log error message=("Fail to update DuckDNS with new IP ".$actualIP);};
};

Remember to add Karma if you find this info useful…
Thanks..

THG · April 22, 2014, 12:03am

Thanks to both of you, I will test this when I have time.

THG · December 29, 2014, 12:29am

Thanks, the script works very well.

fbsdmon · March 2, 2019, 10:37am

@rextended
The script works only when executed from the MikroTik terminal for me.
It does not work if I click on “run” form the script menu or if I run it via the scheduler. It throws: “could not run script DuckDNS: not enough permissions”. i tried giving all permissions to the script, but I still get the same error. I create and run the script with the same user that I use to execute the script via terminal.

To reproduce this:

Delete the “actualIP”, “lastChange” and “previousIP” global variables from System->Scripts->Environment
Delete the “ipstore.txt” and “duckdns-result.txt” files
Run the script from System->Scripts->Scripts (select and click “run script”)

Any ideas what might be the problem?
As said, I am running as the same user with all permissions granted. I run routeros-mmips v6.44

badwithnetworking · July 29, 2019, 12:56pm

shortcircuitonline:

This is the complete script, without the interruption to explain what’s happen:

:global actualIP value=[/ip address get [find where interface=MATRIX] value-name=address];
:global actualIP value=[:pick $actualIP -1 [:find $actualIP "/" -1] ];
:if ([:len [/file find where name=ipstore.txt]] < 1 ) do={
 /file print file=ipstore.txt where name=ipstore.txt;
 /delay delay-time=2;
 /file set ipstore.txt contents="0.0.0.0";
};
:global previousIP value=[/file get [find where name=ipstore.txt ] value-name=contents];
:if ($previousIP != $actualIP) do={
 :log info message=("Try to Update DuckDNS with actual IP ".$actualIP." -  Previous IP are ".$previousIP);
 /tool fetch mode=https keep-result=yes dst-path=duckdns-result.txt address=[:resolve www.duckdns.org] port=443 host=www.duckdns.org src-path=("/update?domains=ww.matrix.it&token=65843E27-A491-429F-84A0-30A947E20F92&ip=".$actualIP);
 /delay delay-time=5;
 :global lastChange value=[/file get [find where name=duckdns-result.txt ] value-name=contents];
 :global previousIP value=$actualIP;
 /file set ipstore.txt contents=$actualIP;
 :if ($lastChange = "OK") do={:log warning message=("DuckDNS update successfull with IP ".$actualIP);};
 :if ($lastChange = "KO") do={:log error message=("Fail to update DuckDNS with new IP ".$actualIP);};
};

Remember to add Karma if you find this info useful…
Thanks..

Hi - when I try to use this, it appears that there is another private address between the my Mikrotik router and the internet. So it returns a private address. Any other way I can do this?

cdiedrich · July 29, 2019, 2:14pm

You could get your Ip this way:

/tool fetch mode=http http-method=get url=http://icanhazip.com/ dst-path=myip.txt

But honestly, does it make sense to register duckdns when your router is behind a NAT?
-Chris

badwithnetworking · July 29, 2019, 2:46pm

Hi - when I try to use this, it appears that there is another private address between the my Mikrotik router and the internet. So it returns a private address. Any other way I can do this?

You could get your Ip this way:
/tool fetch mode=http http-method=get url=http://icanhazip.com/ dst-path=myip.txt
But honestly, does it make sense to register duckdns when your router is behind a NAT?
-Chris

You are right. Maybe its not a private address. Basically my Fibre modem goes into ether1. When I set it using that script, the ip address is different than what I see if I use something like https://whatismyipaddress.com/.

Script gives me 172.22.###.###
Whatismyipaddress gives me a 103.252.###.### number

What could be going on here?

cdiedrich · July 29, 2019, 2:49pm

It pretty much looks like a private address - 172.22/16 is within 172.16/12 which is a private range.
And since the initial script is pulling the address from the interface, I’m sure you have a private address and your ISP is NATing your address.
-Chris

badwithnetworking · August 4, 2019, 3:09pm

Ok no problem. I will just pay a premium for a static IP. Guess there is no way around it.

Thanks

nikolaricci · October 12, 2019, 8:46am

Hi everyone,

this is my script and works for me.
:global currentIP;
local newIP [ip cloud get public-address];
:if ($newIP != $currentIP) do={
:log info “IP address $currentIP changed to $newIP”;
:set currentIP $newIP;
/tool fetch mode=https url=“https://www.duckdns.org/update?domains=domain&token=xxxx-xxx-xx-xx-xxx=$newIP” dst-path=duckdns.txt;
:local result [/file get duckdns.txt contents];
:log info “Duck DNS update result: $result”;
}
This is the key line “local newIP [ip cloud get public-address];”
But the first “ip cloud” shoud be set, on newer MT versions. This also works if you have multiple IPs on WAN interfaces.

daboka · June 9, 2020, 9:18pm

Hey guys!

I had various issues with the update scripts found in this thread. You can find my version of the script below. Instead of caching the IP address, this script resolves the domain name and updates it if it is different from the actual address of the interface.

:local resolvedIP [:resolve "{{ domain }}.duckdns.org"];
:local currentIP [/ip address get [find interface="{{ interface }}"] address];
:local currentIP [:pick $currentIP 0 [:find $currentIP "/"]];

:if ($resolvedIP != $currentIP) do={
    :log info ("Trying to update DuckDNS with actual IP ".$currentIP.", resolved IP is ".$resolvedIP);
    :local response [/tool fetch url=("https://www.duckdns.org/update?domains={{ domain }}&token={{ token }}&ip=".$currentIP) check-certificate=yes as-value output=user];
    :if ($response->"status" = "finished") do={
        :if ($response->"data" = "OK") do={
            :log info ("Successfully updated DuckDNS with new IP ".$currentIP);
        } else={
            :log error ("Failed to update DuckDNS with new IP ".$currentIP);
        }
    }
}

In order to use the script, you’ll have to do the following:

replace the variables in double curly braces
make the root certificate used to sign DuckDNS’s certificate chain available in the certificate store either by downloading it from here or using Mozilla’s list of trusted root certificates from here. The certfile should be downloaded on a trusted computer and uploaded to the router from there. It can be imported in Winbox under System > Certificates or using the

/certificate import file-name={{ certfile }} passphrase=""

command. Once the certificate store is bootstrapped, it can be periodically updated with the following script:

/tool fetch url=https://mkcert.org/generate/ check-certificate=yes dst-path=cacert.pem;
/certificate import file-name=cacert.pem passphrase="";

This step could be skipped by omitting

check-certificate=yes

from the fetch command, but I discourage it as it makes the connection less secure.

ilium007 · September 2, 2020, 11:26am

:local resolvedIP [:resolve "{{ domain }}.duckdns.org"];
:local currentIP [/ip address get [find interface="{{ interface }}"] address];
:local currentIP [:pick $currentIP 0 [:find $currentIP "/"]];

:if ($resolvedIP != $currentIP) do={
    :log info ("Trying to update DuckDNS with actual IP ".$currentIP.", resolved IP is ".$resolvedIP);
    :local response [/tool fetch url=("https://www.duckdns.org/update?domains={{ domain }}&token={{ token }}&ip=".$currentIP) check-certificate=yes as-value output=user];
    :if ($response->"status" = "finished") do={
        :if ($response->"data" = "OK") do={
            :log info ("Successfully updated DuckDNS with new IP ".$currentIP);
        } else={
            :log error ("Failed to update DuckDNS with new IP ".$currentIP);
        }
    }
}

How is this script scheduled? How will it fire when the WAN IP address changes? Or do I need to set it on a schedule and have it run say every 5mins?