DDNS Client

DDNS stands for Dynamic DNS. Simply put, using this service gives a name to your IP. So if you're hosting something on your line, people would not have to bother typing your IP. They can just type in your domain name! It also helps when your IP changes. Users won't need to discover what your new IP is, they can simply type your domain name.

This guide will help you configure your DDNS service, so that your router auto-updates your IP to your DDNS provider. The simplest method possible would be through LuCI (the default webUI for OpenWrt).

OpenWrt uses ddns-scripts which are Bourne shell scripts.
There are other scripts and programs available in the web, also some DDNS providers offer their own programs. All of them are currently not ported and tested on OpenWrt.

First of all, you'll need to pick and register a DNS name with a compatible DynamicDNS service provider.
For a list of DDNS providers, see:

ddns-scripts support the following Dynamic DNS service provider out of the box:
3322.org	afraid.org ⁶⁾	changeip.com	cloudflare.com ^{2) 5) 6)}
core-networks.de ⁶⁾	ddnss.de ⁶⁾	dhis.org ⁶⁾	dnsdynamic.org
dnsexit.com	dnshome.de ⁶⁾	dnsmax.com	dnsomatic.com
dnspark.com	do.de ⁶⁾	dtdns.com	duckdns.org ⁶⁾
duiadns.net ⁶⁾	dy.fi	dyndns.org ⁶⁾ (dyn.com)	dyndnss.net
dyns.net	dynsip.org	dynu.com	dynv6.com ⁶⁾
easydns.com	editdns.net	goip.de ⁶⁾	google.com ^{5) 6)}
he.net ⁶⁾	joker.com	loopia.se ⁶⁾ (loopia.com)	mydns.jp ⁶⁾
myonlineportal.net ⁶⁾	mythic-beasts.com ⁶⁾	namecheap.com	nettica.com
no-ip.com ¹⁾ (noip.com)	no-ip.pl ⁶⁾	nsupdate.info ⁶⁾	nubem.com
ovh.com	regfish.de ⁶⁾	schokokeks.org	selfhost.de
sitelutions.com	spdyn.de ⁶⁾ (spdns.de)	strato.com	system-ns.com
thatip.com	twodns.de	variomedia.de ⁶⁾	zerigo.com ⁶⁾
zoneedit.com ⁵⁾	zzzz.io ^{5) 6)}		BIND nsupdate ^{3) 4) 6)}

¹⁾ requires additional package ddns-scripts_no-ip_com to be installed.
²⁾ needs additional package ddns-scripts_cloudflare to be installed.
³⁾ directly updates a PowerDNS (or maybe bind server) via nsupdate.
⁴⁾ needs additional package ddns-scripts_nsupdate and bind-client to be installed.
⁵⁾ SSL support required.
⁶⁾ support IPv6

If you have picked a DDNS service provider and create your host/domain name you need to note additional your username and password.
Now you need to decide if you want to use secure communication with your DDNS provider or not.
Some provider require secure (HTTPS) communication. Read their help pages for details and also read provider specific informations below.

If you need support, found an issue or only want to request a new extension for the next release, please post your questions/issues/requests here: (Don't forget to post informations about your used software versions.)

OpenWrt Forum
Github-OpenWrt-Packages for ddns-scripts
Github-OpenWrt-LuCI for luci-app-ddns

A full list of supported settings (some not supported by LuCI webUI):

UCI documentation → Dynamic DNS Client configuration

The source code is available at GitHub:

CC 15.05	ddns-scripts_2.4.3-1	luci-app-ddns_2.2.4-1
trunk	ddns-scripts	luci-app-ddns

Login into your router through your browser.
From the menu select 'System' → 'Software'
Press button [Update Lists] to update internal lists of available packages.
Filter for ddns and install luci-app-ddns package. Installing the package luci-app-ddns will automatically install the package ddns-scripts.
You might need to install provider specific packages ddns-scripts_xxxxx and LuCI language packages luci-i18n-ddns-xx.
After luci-app-ddns (and other packages) are installed, just press any other menu entry on the LuCI webUI, and the page will refresh itself and it will appear in the menu under 'Services' → 'Dynamic DNS'.

To install ddns-scripts use the OPKG Package Manager
You might need to install provider specific packages ddns-scripts_xxxxx

opkg update
opkg install ddns-scripts
opkg install ddns-scripts_xxxxx

By default ddns-scripts uses BusyBox built-in 'wget' for DDNS updates over http, which does not support https (SSL).
To perform DDNS updates over https (SSL), you will need to install the 'wget' or 'curl' package, and add the appropriate root certificate for your ddns provider.

If both 'wget' and 'curl' are installed you can configure which one to prefer. Default is 'wget'.

You can install either via LuCI (from the menu select 'System' → 'Software') and search for 'wget' or 'curl'
or install via console using following commands:

opkg update
opkg install wget     # normally you only need
opkg install curl     # either wget or curl
opkg install ca-certificates

If you, also for other software, need all certificates in one file or you want to update CA certificates regulary, then do NOT install 'ca-certificates' package.
'ca-certificate' package is not always backported to older OpenWrt versions. Install latest CA certificates (in one file) using console:

mkdir -p -m0755 /etc/ssl/certs
curl -o /etc/ssl/certs/ca-certificates.crt http://curl.haxx.se/ca/cacert.pem   # using curl
wget  --no-check-certificate -O /etc/ssl/certs/ca-certificates.crt http://curl.haxx.se/ca/cacert.pem   # using wget

Since OpenWrt 17.01.7 (and earlier?)
Wget works with ca-certificates package, but curl does not. Instead install ca-bundle, if you wish to use curl (but not wget).

This does not belong to the Installation section. Move it to where it better fits the context. — tmomas 2017/04/24 01:05

ddns-scripts support other special communication functions to be used:

Run once (useful for usage with crond)
Set proxy with/without authenfication for http/https requests
Set DNS server to use other than system default
Binding to specific network if wget or to specific interface if curl installed.
Force the usage of either IPv4 or IPv6 communication only. Require either wget or curl AND bind-host !
DNS requests via TCP. Require either wget or curl AND bind-host !

ddns-scripts are designed to update one host per configuration/section.
To update multiple hosts or providers or IPv4 and IPv6 for the same host you need to define separate configurations/sections.
Some providers offer to update multiple host within one update request. A possible solution for this option is to use –custom– service name settings.
Have a look at Provider specifics.

The main settings you need to set are (all other normally work fine with the defaults):

Service name	the DDNS service provider to use
Host/Domain	your FQDN you want to update (used by ddns-scripts using nslookup to check if update has happen)
Username	username or other parameter to use as username (send urlencoded)
Password	password or other parameter to use as password (send urlencoded) *including BB 14.07* Ensure this password does not have “$1” or $ with any number following in it, as this breaks the script.
Interface	network name (i.e. wan, wan6) used by OpenWrt hotplug event system to start ddns-scripts

since DD (trunk) the following main settings need to be set:

Service name	the DDNS service provider to use
Lookup Host	ONE of your defined FQDN you want to update (used by ddns-scripts using nslookup to check if update has happen)
Host/Domain	mostly same as `'Lookup Host`', but now can also be used as “normal” parameter. i.e. as list of hosts to be updated
Username	username or other parameter to use as username (send urlencoded)
Password	password or other parameter to use as password (send urlencoded)
Interface	network name (i.e. wan, wan6) used by OpenWrt hotplug event system to start ddns-scripts

After fresh installation a configuration/section 'myddns' and 'myddns_ipv4' and 'myddns_ipv6' exists ready to be modified for your needs.
You could delete them and define your own.

Please heed the following important hints:

It is NOT allowed to use dash-sign “-” inside configuration/section names.
A full list of supported settings (some not supported by LuCI webUI) you will find in UCI documentation!
Always keep in mind the Provider specific settings if there are any!
Don't forget to enable your configuration/section!
You need minimum one enabled configuration/section for ddns service to start!
You need to enable ddns service to enable updates being sent on reboot and hotplug events!
Although described elsewhere, it is not recommended to change the files '/usr/lib/ddns/services' or '/usr/lib/ddns/services_ipv6' because they will be overwritten during system and package updates!

Login into your router through your browser.
From the menu select 'Services' → 'Dynamic DNS'.
Navigate to the configuration/section you like to change.
Modify the fields you need to change.
Don't forget to check the 'Enabled' option!
Click [Save & Apply] button to save changes.

To add a new configuration/section:

Type the new name into the text entry box at the bottom of the page next to [Add] button.
Do not use a dash character “-” in configuration/section name!
Click [Add] button.
Modify the fields you need to change.
Don't forget to check the 'Enabled' option!
Click [Save & Apply] button to save changes.

'Username' and 'Password' fields are required fields. If your provider does not require one or both of them, simply put in a character of your choice.

You need to enable ddns service!
From the menu select 'System' → 'Startup'.
Set ddns service to enabled.

SSL Support

Options to configure HTTPS communication are only available if wget or curl package is installed. (See Hints if shown.)

Check 'Use HTTP Secure' option. Additional field 'Path to CA-Certificate' is shown with it's default setting.
- If you have installed ca-certificates package leave the shown default! (/etc/ssl/certs)
- If you have installed CA certificates in one file from above set the value to: /etc/ssl/certs/ca-certificates.crt
- If you like to use other certificate you need to set here the full path to the certificate including file name. (/path/to/file.crt)
- If your certificates are stored in a different path, set here the path where your certificates are located. (/path/to/files)
Click [Save & Apply] button to save changes.

Custom Service

If you want to use a DDNS provider currently not listed or you want to update multiple hosts within one configuration/section then you should do the following:

Choose '–custom–' as service. Additional field 'Custom update-URL' is shown.
Fill in the URL you like to use. Please read URL syntax description below. Also have a look at Provider specifics.
Click [Save & Apply] button to save changes.

If you found a DDNS provider not listed or with additional IPv6 support or with changed update URL please open an issue at Github-OpenWrt-Packages so it can be included with the next release.

The easiest way to configure ddns-scripts via console is to edit the file /etc/config/ddns directly using build-in vi editor or any other editor you prefer. Other editors as vi needs to be installed separately.

A configuration/section looks like:

config 'service' 'myddns'
	option 'service_name'	'example.org'
	option 'enabled'	'1'
	option 'domain'		'yourhost.example.org'
	option 'username'	'your_username'
	option 'password'	'your_password'
	option 'interface'	'wan'
	option 'ip_source'	'network'
	option 'ip_network'	'wan'

Alternatively you can use UCI command line interface.
Example input:

uci set ddns.myddns.service_name="ddnsprovider.com"	# only use names listed in /usr/lib/ddns/services 
							# or /usr/lib/ddns/services_ipv6 (since CC 15.05)
uci set ddns.myddns.domain="host.yourdomain.net"
uci set ddns.myddns.username="your_user_name"
uci set ddns.myddns.password="p@ssw0rd"
uci set ddns.myddns.interface="wan"	# network interface that should start this configuration/section
uci set ddns.myddns.enabled="1"
uci commit ddns				# don't forget this, otherwise data not written to configuration file

ddns.myddns.enabled=“1” means:

'ddns' is the configuration file to change (here /etc/config/ddns)
'myddns' is the configuration/section to change
'enabled' is the option to set/change
behind the equal-sign is the value to set. Set single- or double-quotes around the value and no space or whitespace around the equal-sign.

Example to create/add a new configuration/section “newddns”:

uci set ddns.newddns="service"
uci set ddns.newddns.service_name="ddnsprovider.com"	# only use names listed in /usr/lib/ddns/services
							# or /usr/lib/ddns/services_ipv6 (since CC 15.05)
uci set ddns.newddns.domain="host.yourdomain.net"
uci set ddns.newddns.username="your_user_name"
uci set ddns.newddns.password="p@ssw0rd"
uci set ddns.newddns.interface="wan"	# network interface that should start this configuration/section
uci set ddns.newddns.enabled="1"
uci commit ddns				# don't forget this, otherwise data not written to configuration file

You need to enable ddns service by:

/etc/init.d/ddns enable

SSL Support

You need to add the following entries to the desired section in '/etc/config/ddns' file:
using 'ca-certificates' package:

config 'service' 'myddns'
	...
	option 'use_https'	'1'
	option 'cacert'		'/etc/ssl/certs'

using single file (ie. as descriped above):

config 'service' 'myddns'
	...
	option 'use_https'	'1'
	option 'cacert'		'/etc/ssl/certs/ca-certificates.crt'
#	option 'cacert'		'/full/path/to/file.crt'

Above options can also be set via LuCI webUI.
The options are only shown if 'wget' or 'curl' package is installed!

Custom Service

Following changes need to be done if you use a DDNS provider currently not listed or to update multiple hosts within one configuration/section.
Edit '/etc/config/ddns'

config 'service' 'myddns'
	...
#	option 'service_name'	'example.org'		# comment out "#" or delete
	option 'update_url'	'http://your.update.url...[USERNAME]...[PASSWORD]...[DOMAIN]...[IP]'

or use UCI command line interface

uci delete ddns.myddns.service_name
uci set ddns.myddns.update_url="http://your.update.url...[USERNAME]...[PASSWORD]...[DOMAIN]...[IP]"
uci commit ddns		# don't forget this, otherwise data not written to configuration file

URL Syntax

It's not needful to set 'https://'. If SSL support is activated 'http://' is replaced automatically.
The entries [USERNAME] [PASSWORD] [DOMAIN] [IP] are replaced by ddns-scripts just before update.
[USERNAME] is replaced by content of 'option username' from configuration file.
[PASSWORD] is replaced by content of 'option password' from configuration file.
[DOMAIN] is replaced by content of 'option domain' from configuration file.
[IP] is replaced by the current IP address of your OpenWrt system.

carefully set 'option domain' in your configuration. This option is also used to detect if the update was successfully done.
This entry is the DNS name your OpenWrt system will be reachable from the internet.
Have a look at Provider specifics for samples.

If you found a DDNS provider not listed or with additional IPv6 support or with changed update URL please open an issue at Github-OpenWrt-Packages so it can be included with the next release.

Here a list (without preferences) of url's to detect your current public ip used by your system:

Dual-Stack	IPv4-only	IPv6-only	Server Location
http://checkip.dns.he.net/	—	—	US
http://checkip.freedyn.org/	—	—	DE
http://bot.whatismyipaddress.com/	—	—	US
http://whatismyip.org/	—	—	US
http://myexternalip.com/raw	—	—	DE
http://wtfismyip.com/text	—	—	US
http://domains.google.com/checkip	—	—	part of Google
http://icanhazip.com/	http://ipv4.icanhazip.com/	http://ipv6.icanhazip.com/	US
http://checkip.feste-ip.net/	http://v4.checkip.feste-ip.net/	http://v6.checkip.feste-ip.net/	DE
http://ident.me/	http://ipv4.ident.me/	http://ipv6.ident.me/	UK
http://ddnss.de/meineip.php	http://ip4.ddnss.de/meineip.php	http://ip6.ddnss.de/meineip.php	DE
http://checkip.spdyn.de/	http://checkip4.spdyn.de/	http://checkip6.spdyn.de/	DE
http://ifcfg.me/ip	http://4.ifcfg.me/ip	http://6.ifcfg.me/ip	FR
http://nsupdate.info/myip	http://ipv4.nsupdate.info/myip	http://ipv6.nsupdate.info/myip	DE
http://checkip.zerigo.com	http://checkip4.zerigo.com/	http://checkip6.zerigo.com/	US
—	http://checkip.dyndns.com/ ¹⁾	http://checkipv6.dyndns.com/ ¹⁾	US + UK
—	http://checkip.dyndns.com:8245/	http://checkipv6.dyndns.com:8245/	US + UK
—	http://checkip.dyn.com/ ^{1) 2)}	http://checkipv6.dyn.com/ ^{1) 2)}	US + UK
—	http://ipv4.myip.dk/api/info/IPv4Address	http://ipv6.myip.dk/api/info/IPv6Address	US
—	http://ipv4.ipogre.com/linux.php	http://ipv6.ipogre.com/linux.php	US
—	http://v4.ipv6-test.com/api/myip.php	http://v6.ipv6-test.com/api/myip.php	FR
—	http://ipecho.net/plain	—	NL
—	http://ipinfo.io/ip	—	part of Amazon AWS
—	http://ifconfig.me/ip	—	JP
—	http://checkip.amazonaws.com	—	part of Amazon AWS
—	http://myip.dtdns.com	—	US
—	http://ip.changeip.com	—	US
—	http://freedns.afraid.org/dynamic/check.php	—	?
—	http://freedns.afraid.org:8080/dynamic/check.php	—	?

¹⁾ users reported timeout problems, use links in the line below (…:8245)
²⁾ alias of *.dyndns.com

If your wan interface has the IP you want to propagate, this approach has the advantage of not depending on external services or even a working DNS resolution.

Create the script:

cat << "EOF" > /etc/ddns/getwanip
#!/bin/sh
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_find_wan6 NET_IF6
network_get_ipaddr NET_ADDR "${NET_IF}"
network_get_ipaddr6 NET_ADDR6 "${NET_IF6}"
echo "${NET_ADDR}"
echo "${NET_ADDR6}"
EOF
chmod +x /etc/ddns/getwanip

Use it in the DDNS configuration by issuing these UCI commands:

uci set ddns.NAMEOFYOURSERVICE.ip_source="script"                 #Change NAMEOFYOURSERVICE to yours
uci set ddns.NAMEOFYOURSERVICE.ip_script="/etc/ddns/getwanip"     #Change NAMEOFYOURSERVICE to yours

Or by editing these lines in /etc/config/ddns:

config service 'NAMEOFYOURSERVICE'                 #Change NAMEOFYOURSERVICE to yours
        option ip_source 'script'
        option ip_script '/etc/ddns/getwanip'

	Enable minimum one configuration/section! You need to enable ddns service!

Normally no user actions are required because ddns-scripts starts when hotplug ifup event happens. This will happen automatically at system startup when the named interface comes up. Event ifup also happens when a dialup network comes up.
ddns-scripts regularly check if there is a difference between your IP address at DNS and your interface. If different an update request is sent to DDNS provider.

Whenever you [Save & Apply] an Enabled configuration/section from LuCI webUI the corresponding script is automatically restarted.
If you modify '/etc/config/ddns' configuration file from console, you need to restart ddns-scripts (see below) to apply changes.

To check if ddns-scripts are running you could check inside LuCI via 'Status' → 'Processes'
or via console running

ps -w | grep dynami[c]

You should find something like '… /bin/sh /usr/lib/ddns/dynamic_dns_updater.sh myddns 0'
for every configuration/section you configured and enabled, where myddns shows your configuration/section name.

Inside LuCI also exists a section 'Dynamic DNS' at 'Status' → 'Overview' page showing the current status of your DDNS configurations.

using LuCI

To check running ddns-scripts processes from the menu goto 'Status' → 'Processes'.
Look for something like '/bin/sh /usr/lib/ddns/dynamic_dns_updater.sh myddns 0'.
To stop a desired process press the [Terminate] or [Kill] button.
The process should remove from the list.

You can enable/disable and start/stop ddns-scripts from 'System' → 'Startup' menu.
Look for service 'ddns' and press the button for the desired action.

You can additionally enable/disable and start/stop individual configuration/section from 'Overview'-page at 'Services' → 'Dynamic DNS'.

via console

From console command line you could create an 'ifup' hotplug event for the desired network interface. This will start all enabled ddns configurations/sections monitoring this interface.
Keep in mind that also other service processes (i.e. firewall) might be (re-)started via 'ifup' hotplug event!
For INTERFACE, type the specified ddns-scripts interface name (the interface name from /etc/config/network, usually 'wan')

ACTION=ifup INTERFACE=wan /sbin/hotplug-call iface

To start only one ddns-scripts configuration/section (here 'myddns'):

/usr/lib/ddns/dynamic_dns_updater.sh myddns 0 &

To start all ddns-scripts configurations configured for one interface (the interface name from /etc/config/network, usually 'wan'):

sh
. /usr/lib/ddns/dynamic_dns_functions.sh	# note the leading period followed by a space
start_daemon_for_all_ddns_sections "wan"
exit

To stop one configuration/section you need to list running ddns processes with:

ps -w | grep dynami[c]

you will get something like:

2493 root      1440 R    {dynamic_dns_upd} /bin/sh /usr/lib/ddns/dynamic_dns_updater.sh myddns_1 0
2494 root      1440 R    {dynamic_dns_upd} /bin/sh /usr/lib/ddns/dynamic_dns_updater.sh myddns_2 0

now you need to kill every running process:

kill 2493		# to kill one process
kill 2493 2494		# to kill multiple processes

To stop all running processes at once ('killall' might not be available on all systems):

killall dynamic_dns_updater.sh				# if killall is available
ps | grep dynami[c] | awk '{print $1}' | xargs kill	# or if not available

Since BB 14.07 you could enable/disable and start/stop/restart all enabled ddns configuration/section like every other service:

/etc/init.d/ddns disable
/etc/init.d/ddns enable
/etc/init.d/ddns start
/etc/init.d/ddns stop
/etc/init.d/ddns restart

using scheduler

Each configuration/section of ddns-scripts can be configured to run once including retry on error so it is guaranteed that the update is sent to the provider.

To configure your configuration/section to run once you need to set 'option force_interval' to '0'. Setting of 'option force_unit' is ignored.
Inside LuCI set 'Force Interval' in [Timer Settings]-tab of your desired configuration
or edit '/etc/config/ddns' on console.

config 'service' 'myddns'
	...
	option 'force_interval'	'0'

If you set ddns service to enable then all configurations/sections are started during interface 'ifup'.
The configuration/section configured to run once will stop after successful update.
To guarantee that your configurations only run once not looking for an interface event you need to disable ddns service.
To start your configuration via build in crond use the following entry as command inside crontab configuration (replace 'myddns' with the name of your configuration/section):

/usr/lib/ddns/dynamic_dns_updater.sh myddns 0 &

Syslog

The 'option use_syslog' (also in LuCI) allows to define the level of events logged to syslog:

Value	Reporting
0	disable
1	info, notice, warning, errors
2	notice, warning, errors
3	warning, errors
4	errors
Critical errors forcing ddns-scripts to break (stop) are always logged to syslog.

Logfile

ddns-scripts have built-in logfile support.
Logfiles are automatically truncated to a settable number of lines (default 250 lines).

Inside LuCI you could enable logfile in [Advanced Settings]-tab of desired configuration/section.
From console you need to edit '/etc/config/ddns' file:

config 'service' 'myddns'
	...
	option 'use_logfile'	'1'

In case your device has enough built in memory or if you are using Extroot, you might want to store the ddns logs persistently. To achieve this, you need to change the log file location by adding the following line in the global section of '/etc/config/ddns':

config 'ddns' 'global'
	...
	option 'ddns_logdir'	'<your_custom_log_dir>'

This option must be defined in the global section of the '/etc/config/ddns' file. If the option is defined at config service level, it will be ignored by the '/usr/lib/ddns/dynamic_dns_functions.sh' script and the log location will be defaulted to '/var/log/ddns'.

To view logfile content from LuCI select the [Log File Viewer]-tab of desired configuration/section and press the [Read / Reread log file]-button. From console you should change to the ddns log directory (default '/var/log/ddns').
You will find a logfile for every configuration/section.

cd /var/log/ddns
ls -la
cat myddns_ipv4.log
cat myddns_ipv6.log

To debug what's going on, you can run ddns-scripts in verbose mode.
Following verbose level are defined:

Level	Description
0	Non verbose - No output
1	Output to console (default)
2	Output to console and logfile. Run once WITHOUT retry on error.
3	Output to console and logfile. Run once WITHOUT retry on error. Sending NO update to DDNS service.

Before starting debugging stop all running ddns-scripts processes:

/etc/init.d/ddns stop
/etc/init.d/ddns disable

validate that no ddns-scripts processes running:

ps | grep dynami[c]

Now you can start one configuration/section for debugging. To stop/break running script press [CTRL]+C.
Replace 'myddns' with your desired configuration/section name and 'level' with the desired verbose level.

/usr/lib/ddns/dynamic_dns_updater.sh myddns level

You will get full description of errors and the output of programs like wget, nslookup etc. used by ddns-scripts

Network and name resolution problems

Check your communication settings with the following commands:

nslookup google-public-dns-a.google.com
 
ping -c 5 google-public-dns-a.google.com
ping -c 5 -4 google-public-dns-a.google.com	# (-4) force IPv4 communication
ping -c 5 -6 google-public-dns-a.google.com	# (-6) force IPv6 communication if installed
 
wget -O- http://checkip.dyndns.com		# for IPv4
wget -d -O- http://checkipv6.dyndns.com		# for IPv6 needs wget package and IPv6 to be installed
curl -v http://checkipv6.dyndns.com		# for IPv6 needs curl package and IPv6 to be installed

HTTPS/SSL problems

Check if your DDNS provider ONLY supports secure requests and enable HTTPS (option use_https) in your configuration.
Packages 'wget' or 'curl' not installed to support secure communication.
'wget'/'curl' could not access/validate SSL certificates.
Check certificate installation and run 'wget' or 'curl' in verbose/debug mode:

ls -la /etc/ssl
ls -la /etc/ssl/certs
 
wget -d -O /tmp/wget.out https://www.google.com --ca-certificate=/etc/ssl/certs/ca-certificates.crt	# single certificate file
wget -d -O /tmp/wget.out https://www.google.com --ca-directory=/etc/ssl/certs		# certificate directory
wget -d -O /tmp/wget.out https://www.google.com --no-check-certificate			# ignore certificate !!! INSECURE !!!
 
curl -v -o /tmp/curl.out https://www.google.com --cacert /etc/ssl/certs/ca-certificates.crt	# single certificate file
curl -v -o /tmp/curl.out https://www.google.com --capath /etc/ssl/certs		# certificate directory
curl -v -o /tmp/curl.out https://www.google.com --insecure			# ignore certificate !!! INSECURE !!!

Remember to read how to configure a custom service.
At provider specific settings, only parameters that needs to be changed are described.
The relevant parameters to use together with a custom settings are:

UCI option	LuCI description	Explanatory note
service_name	DDNS Service provider	Inside LuCI set to `'–custom–`' or delete from `'/etc/config/ddns`' if you need to use custom update URL.
update_url	Custom update-URL	Copy from description below, if necessary.
domain	Hostname/Domain	The already registered name at your DDNS provider. Must be your public FQDN because used by nslookup command to check if the send IP update was recognized by your provider and published around World Wide DNS.
username	Username	Normally your username but possibly used with different settings.
password	Password	Normally your password but possibly used with different settings.

If you find a at a provider description below, please support the ddns-scripts maintainer to test and update this page.
Please post a support request if something is not working as described or needs to be updated.
Thanks!

If you find problem “Failed writing HTTP request: Bad file descriptor” in some server / wget version (see: https://bugzilla.redhat.com/show_bug.cgi?id=912358), it is worth to try changing the update_url in /etc/config/ddns from

"http://[USERNAME]:[PASSWORD]path_to_your_provider_and_other_things"

to

"--user=[USERNAME] --password:[PASSWORD] http://path_to_your_provider_and_other_things"

AND change one line in /usr/lib/ddns/dynamic_dns_updater.sh from

update_output=$( $retrieve_prog "$final_url" )

to

update_output=$( $retrieve_prog $final_url )

Last updated: 2020-08-31
Homepage

To use subdomains (CNAME or A records), use the format below when filling your credentials:

domain		{subdomain}@[zone]

Examples:

If the hostname is “sample.example.com”, the “domain” field would be “sample@example.com”
if the hostname is “dev1.sample.example.com”, the “domain” field would be “dev1.sample@example.com”
If using Cloudflare's “Subdomain Support”, your zone may already be “foo.example.com”, so if the DDNS hostname is “bar.foo.example.com” the domain field would be “bar@foo.example.com”

The version of ddns-scripts in the master branch of the packages feed supports the use of API tokens. API Tokens provide a new way to authenticate with the Cloudflare API. They allow for scoped and permissioned access to resources and use the RFC compliant Authorization Bearer Token Header. For more information on Token vs Key see the Cloudflare v4 API documentation.

service_name	cloudflare.com-v4
domain		[Your domain, here: example.com]
username	Bearer
password	[Your API token]

Last updated: 2020-01-06
DNS-O-Matic provides you a free and easy way to announce your dynamic IP changes to multiple services with a single update. Using DNS-O-Matic allows you to pick and choose what Dynamic DNS services you want to notify, all from one easy to use interface. From dns-o-matic homepage – Documentation

You need to change your OpenDNS password to one that doesn't contain HTML special characters On dnsomatic username and password

To update all services registered with DNS-O-Matic in one configuration/section use the following settings in /etc/config/ddns:

#/etc/config/ddns
config service 'DNSoMATIC'
        option lookup_host   'anotherddns.com'             # It must be a FQDN that is active on dns-o-matic dashboard to be refreshed by it
        option interface     'wan'                         # Set it to the network interface to be monitored on changes
        option ip_source     'web'
        option ip_url        'http://checkip.amazonaws.com/'
        option use_https     '1'
        option service_name  'dnsomatic.com'
        option domain        'all.dnsomatic.com'            # It will instruct dns-o-matic to update all services set on its dashboard
        option username      'OPENDNSusername'              # dns-o-matic uses OpenDNS login credentials
        option password      'OPENDNSpassword'              # It must not contain html reserved characters
        option enabled       '1'

Alternatively, you can issue uci commands:

uci add ddns dnsomatic
uci set ddns.dnsomatic.lookup_host='DDNSchangedBYdnsomatic.com'  ##Change it to yours
uci set ddns.dnsomatic.interface='wan'                           ##Change it to yours
uci set ddns.dnsomatic.ip_source='web'
uci set ddns.dnsomatic.ip_url='http://checkip.amazonaws.com/'
uci set ddns.dnsomatic.use_https='1'
uci set ddns.dnsomatic.service_name='dnsomatic.com'
uci set ddns.dnsomatic.domain='all.dnsomatic.com'
uci set ddns.dnsomatic.username='OPENDNSusername'                ##Change it to yours
uci set ddns.dnsomatic.password='OPENDNSpassword'                ##Change it to yours
uci set ddns.dnsomatic.enabled='1'
uci commit
/etc/init.d/ddns reload

Last updated: 2015-07-14
Homepage – Installation instructions – FAQ

There is another description here. I take over the link during rewriting this wiki page.

Inside LuCI web UI select –custom– and fill in the other options accordingly.
Be sure you install ssl support.
Additional use update_url and settings from below:

update_url	http://www.duckdns.org/update?domains=[USERNAME]&token=[PASSWORD]&ip=[IP]
domain		[Your FQDN]
username	[Your Host without ".duckdns.org"]
password	[Your token]
use_https	1
cacert		[path to certificate file or directory]

Last updated: 2015-07-15
Homepage – FAQ

Option 1:

service_name	afraid.org-v2-token
domain		[Your FQDN]
username	[NOT used. Set to a character of your choice, because LuCI does not accept empty field]
password	[Your authorisation token, NOT your account password]

To find your authorisation token, go to http://freedns.afraid.org/dynamic/, login, click “Direct URL”.
On the location bar of your browser, copy the authorisation token,
which is the part after http://freedns.afraid.org/dynamic/update.php? url
and paste it in the password field. the uri to update ip result in error 404， need to change source code.

Option 2: (Taken from here.)

service_name	delete / --custom--
update_url	[Your direct URL updater from your freedns.afraid.org account]
domain		[Your FQDN]
username	[NOT used. Set to a character of your choice, because LuCI does not accept empty field]
password	[NOT used because already part of direct URL. Set to a character of your choice, because LuCI does not accept empty field]

Option 3

service_name	afraid.org-v2-basic or afraid.org-basicauth
domain		[Your FQDN]
username	[your username of afraid.org]
password	[Your account password]

Option 4 Prefer

service_name	afraid.org-keyauth
domain		[Your FQDN]
username	[NOT used. Set to a character of your choice, because LuCI does not accept empty field]
password	[Your authorisation token, NOT your account password]

domains.google.com

Last updated: 2016-04-20

Google Domains allows for dynamic names to be set up in the section called Synthetic Records. To access it, log in to https://domains.google.com and go to Configure DNS for the domain in question, then scroll down to Synthetic Records and add a new one. It will issue a specific username and password for this hostname. Google requires HTTPS for updates, so be sure to also install package wget or curl in order to allow this. Use the following settings:

service_name	--custom--
update_url	http://[USERNAME]:[PASSWORD]@domains.google.com/nic/update?hostname=[DOMAIN]&myip=[IP]
domain		[Your defined hostname]
username	[assigned username for hostname]
password	[assigned password for hostname]
http_secure	Enabled
ca_path		Set to "IGNORE" or download certs and provide path

Last updated: 2015-07-20
Homepage (Danish only)

Taken from OpenWrt forum

GratisDNS.dk is only supported by ddns-scripts using custom service settings.
GratisDNS.dk require to install and configure SSL support.

service_name	delete / --custom--
update_url	https://ssl.gratisdns.dk/ddns.phtml?u=[USERNAME]&p=[PASSWORD]&d=Mydomain&h=[DOMAIN]&i=[IP]
		!!! replace "Mydomain" in this url with domain part of your FQDN.
		Sample: your FQDN: host.example.com -> "Mydomain" set to example.com
		Sample: https://ssl.gratisdns.dk/ddns.phtml?u=[USERNAME]&p=[PASSWORD]&d=example.com&h=[DOMAIN]&i=[IP]
domain		[Your FQDN]
username	[Your username]
password	[Your password]

Last updated: 2015-07-15
Homepage

There is another description here. I take over the link during rewriting this wiki page.

Use the following settings:

service_name	he.net
domain		[Your FQDN]
username	[Your FQDN]
password	[Your password]

Last updated: 2015-07-20
Homepage – Support

Looking on description at “Use Mythic Beasts Dynamic DNS with your OpenWRT router” and on the existing source code I found out that there must be issues updating Dynamic DNS.
I have gone in contact with support of mythic-beasts.com. I will update as soon a solution is available.

Last updated: 2015-07-21
Homepage – Knowledgebase

Note that with the namecheap protocol, the username option is translated to the host argument in the update request.
Therefore, it should be the host-part on the DNS record, not the username that you use to log into the namecheap.com site.
To update multiple hosts you might need to define separate configuration/section for each host.
To get your password, log into the namecheap.com site, enter the management console for the domain, and click the Dynamic DNS menu option.

Currently ddns-scripts only supports the case where your dynamic subdomain has the same IP address as for your unqualified domain. Otherwise you will send updates to namecheap.com every “option check_interval” 10 minutes (default) because your FQDN is not validated. Proposed solution here, which you can easily implement yourself. (This may only be an issue for ddns-scripts 2.4).

Let assume you define two FQDN at your domain “example.com”: “www.example.com” and “ftp.example.com“
To update only your domain record “example.com”:

service_name	namecheap.com
domain		[Your domain, here: example.com]
username	@
password	[Your password]

To update for example only your ”ftp.example.com” host:

service_name	namecheap.com
domain		[Your domain, here: example.com]
username	ftp
password	[Your password]

To update all to the same IP address:

NOTE: For namecheap updating multiple subdomains is NOT working nowadays, you have to make one request per subdomain, so configure one section per subdomain. https://www.namecheap.com/support/knowledgebase/article.aspx/29/11/how-do-i-use-a-browser-to-dynamically-update-the-hosts-ip#comment-936527059:

service_name	namecheap.com
domain		[Your domain, here: example.com]
username	@ -a www -a ftp
		!!! @ stands for your domain, www for www.example.com, ftp for ftp.example.com
password	[Your password]

Last updated: 2015-07-21
Homepage – SupportCenter

Starting CC 15.05 do not forget to additional install ddns-scripts_no-ip_com package.

The default is to use your 'username' and 'password' as normal inside ddns-scripts together with 'service_name' 'no-ip.com' or 'noip.com'.

If you want to update multiple hosts inside one configuration/section you need the following settings:

service_name	delete / --custom--
update_url	http://[USERNAME]:[PASSWORD]@dynupdate.no-ip.com/nic/update?myip=[IP]&hostname=

		!!! After the 'hostname=' fill in a comma separated list of hosts to update.
		Sample: host1.example.com,host2.example.com,host3.example.com without any spaces in between.
		Sample: http://[USERNAME]:[PASSWORD]@dynupdate.no-ip.com/nic/update?myip=[IP]&hostname=host1.example.com,host2.example.com,host3.example.com

domain		[Only ONE of your defined hostnames, i.e. host1.example.com]
username	[Your username]
password	[Your password]

Last updated: 2016-08-02
Homepage – Wiki/FAQ (German only)

The web-pages of spdns.de are now reachable at spdyn.de.
Currently updates send to update.spdns.de pages are still handled but produce warnings in DDNS update log at the provder.
Created accounts and domains at spdns.de are still working without any problems.

The default is to use your 'username' and 'password' as normal inside ddns-scripts together with 'service_name' 'spdyn.de'.
If you want to use Update-Token, keep in mind that this token can only update the host it is generated for.
Use this settings:

service_name	spdyn.de
domain		[Your defined hostname at spdyn.de]
username	[Your defined hostname at spdyn.de]
password	[The token generated for this hostname]

If you want to update multiple hosts inside one configuration/section you need the following settings (Update-Token doesn't work):

service_name	delete / --custom--
update_url	http://[USERNAME]:[PASSWORD]@update.spdyn.de/nic/update?myip=[IP]&hostname=

		!!! After the 'hostname=' fill in a comma separated list of hosts (max. 20) to update.
		Sample: host1.spdyn.de,host2.spdyn.de,host3.spdyn.de without any spaces in between.
		Sample: http://[USERNAME]:[PASSWORD]@update.spdyn.de/nic/update?myip=[IP]&hostname=host1.spdyn.de,host2.spdyn.de,host3.spdyn.de

domain		[Only ONE of your defined hostnames i.e. host3.spdyn.de]
username	[Your username at spdyn.de]
password	[Your password at spdyn.de]

Hurricane Electric provides a free IPv6inIPv4 tunnel through Tunnel Broker that demands a permanent IP or a real-time updated one. From its homepage: “Our free tunnel broker service enables you to reach the IPv6 Internet by tunneling over existing IPv4 connections from your IPv6 enabled host or router to one of our IPv6 routers. To use this service you need to have an IPv6 capable host (IPv6 support is available for most platforms) or router which also has IPv4 (existing Internet) connectivity.”

Apply the following patch to include that service on OpenWRT DDNS

[ -z "$(cat /etc/ddns/services 2>/dev/null | grep ipv4.tunnelbroker.net)" ] && echo "\"tunnelbroker.net\"      \"http://[USERNAME]:[PASSWORD]@ipv4.tunnelbroker.net/nic/update?hostname=[DOMAIN]&myip=[IP]\"     \"good|nochg\"" >> /etc/ddns/services

Now you can configure your tunnelbroker ddns:

#/etc/config/ddns
config service 'HE6in4'
        option service_name  'tunnelbroker.net'
        option lookup_host   'hostToCheck.com'             #Change it to yours. It should be a hostname updated by a DDNS with the current IP.
        option ip_source     'web'
        option ip_url        'http://checkip.amazonaws.com/'
        option interface     'wan'                         #Change it to yours
        option username      'tunnelbrokerUSERname'        #Change it to yours. It's the same tunnelbroker login.
        option password      'tunnelbrokerDDNSpassword'    #Change it to yours. It's not the same tunnelbroker login.
        option domain        'tunnelbrokerDDNSnumber'      #Change it to yours. It's only numbers.
        option enabled       '1'

Instead of using a web service, that has the risk of being eventually offline, to detect the public IP, you can detect the WAN public IP by this script.

DDNS Client

Introduction

Requirements

Support

Installation

using LuCI

via console

SSL support

other functions

Configuration

Basics

using LuCI

SSL Support

Custom Service

via console

SSL Support

Custom Service

URL Syntax

Detecting public IP

Detecting WAN public IP by script

Operation

Basics

Run manually

using LuCI

via console

using scheduler

Monitoring

Syslog

Logfile

Debugging

Common errors

Network and name resolution problems

HTTPS/SSL problems

Provider specifics

Overview

cloudflare.com

dnsomatic.com

duckdns.org

freedns.afraid.org

domains.google.com

gratisdns.dk

he.net

mythic-beasts.com

namecheap.com

noip.com

spdyn.de (old spdns.de)

tunnelbroker.net