Dynamic DNS using Alibaba Cloud DNS API

By Alberto Roura, Alibaba Cloud Tech Share Author

According to Wikipedia, “Dynamic DNS (DDNS or DynDNS) is a method of automatically updating a name server record, often in real time, with the active Dynamic DNS configuration of its configured hostnames, addresses or other information.”

Typically, a server has a static IP, and the related domain name contains an A Record stating which one it is. An illustration as example of how a machine resolves the IP of wikipedia.org is shown below:

As you can see, there are a lot of steps involved for the visitors’ machine to “translate” wikipedia.org into After the DNS resolves wikipedia.org into its IP address, the computer can locate where the page is hosted in the Internet. This is also the common case for most of websites.

Why We Need a Dynamic DNS solution

For example, if we have some personal NAS or IoT devices, or even a cell phone, we can’t use the same IP address outside of our personal network. eses

In this tutorial, we hope to set up a similar network for home devices that we want to access from the outside. For example, you may have a smart home or security device set up and you need to access it while being away from home.

What Do We Need

If you are not sure how to set up a domain, you can check out some tutorials on Alibaba Cloud Getting Started, or visit the Documentation Center for more information.

The whole idea will be to schedule a cron job in a device at home using curl to run a PHP script hosted in our ECS instance that uses Alibaba Cloud DNS API to update the A Record of the given domain.

The standardized method for dynamically updating a domain name server record is defined in RFC2136, commonly known as dynamic DNS update. This method is a network protocol for use with managed DNS servers, and it includes a security mechanism. Check the relevant documents for RFC2136 if you want to dig more about it.

So, knowing how the DNS works and why we need to setup a Dynamic DNS for our home use, lets dive into the details. We will use alicloud-php-dns-updater, a PHP script made specifically for this purpose. It is based in a class ready to use.

Clone the Repo

Get Your Access Keys from Alibaba Cloud

In order to get one, log into your Alibaba Cloud console and in the top navigation bar, hover with your mouse in your email address and click “accesskeys” as illustrated below.

Once in the keys screen, copy the Access Key ID and the Access Key Secret into a safe place. To show the Secret Key to need to click on “Show”. Be careful where you save this data, as it is very sensitive and could potentially cause irreversible damages if mishandled. Also you should consider creating more limited keys using their policies, but that’s a topic for another entry.

Setting the Dynamic DNS Updater Script up in the ECS

In this example, I have assumed that our ACCESS_KEY is CAmKUmIUGiMO83mS, our ACCESS_KEY_SECRET is CjKaN02Ann9maMmiauusmoGOI7mn, and the domain customnasathome.com. The index.php file should look like this:

<?phpdate_default_timezone_set('UTC');include_once 'alicloud-php-updaterecord/V20150109/AlicloudUpdateRecord.php';use Roura\Alicloud\V20150109\AlicloudUpdateRecord;$AccessKeyId     = 'CAmKUmIUGiMO83mS';
$AccessKeySecret = 'CjKaN02Ann9maMmiauusmoGOI7mn';
$updater = new AlicloudUpdateRecord($AccessKeyId, $AccessKeySecret);
$newIp = $_SERVER['REMOTE_ADDR']; // New IP$updater->setDomainName('customnasathome.com');

Testing the Updater

If the API response is positive, the output should look like this:

[RecordId] => 3666544576879860
[RequestId] => F4VDF8A-D2DF-49VV-ER00-458D6918FDDE

Hooray! You successfully updated the A Record of your domain by using Alibaba Cloud DNS API. Easy, right?

Securing the Script


AuthType Basic
AuthName "DNS Updater Access"
AuthUserFile /var/www/dyndns-updater/.htpasswd
Require valid-user


Type, in any location, htpasswd -c /var/www/dyndns-updater/.htpasswd updater_user.

This will create the file for the first time. “updater_user” is the username you are adding. It will ask you for the password when you run it. According to the official Apache documentation, htpasswd encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system’s crypt() routine, so the password will be never be saved in plain text. This is important to know, as you will need to keep the password in a safe place after executing the command. You won’t be able to recover it if you forget it because it is encrypted.

After that you should be able to access the URL by providing the username and password.

Cron Job

The location of the crontab in your instance does not matter, as we will add the cronjob by using the command line.

Run crontab -e and select your favorite editor (if not sure, choose nano, as it is the easiest one out there).

If you choose nano, remember that to exit and save the file, you need to press ctrl + x, then y and enter.

For this tutorial, we are setting the scheduled job to run every 30 minutes. You can see that in the variable /30. If you want to set it every 15 minutes, you should update that part to /15. For more advanced cron adjustments check the official Linux cron guide.

Without authentication:
Go to the bottom of the crontab file and add /30 * curl

With authentication:
In this case, we will need to add the credentials for basic authentication to curl in order to get access. Go to the bottom of the crontab file and add /30 * curl -u “updater_user:YOUR_PASSWORD”

Wrapping Up



Follow me to keep abreast with the latest technology news, industry insights, and developer trends.