
Support for multiple ISP?

Open outofsight opened this issue 10 months ago • 3 comments

I have three ISPs in load balancing. I would like to be able to update DNS for all three, one record for each ISP. Is there a way to set up multiple sets of DOMAINS and have each set use a different binding for IP detection? Or should I run three containers?

outofsight avatar Jan 14 '25 11:01 outofsight

@outofsight Hi, I apologize for the delayed response. (I am currently attending a conference.) I don't believe there's currently an easy way to accomplish this, and to support it, I would like to gather more information from you:

  1. Are you referring to a scenario where a single machine is connected to the internet via three distinct ISPs, and all three ISPs could dynamically assign IP addresses? If so, how should the updater obtain all three IP addresses?
  2. Would you be amenable to utilizing record comments as filters? One proposed approach involves running three containers, each with a unique RECORD_COMMENT setting and a new flag, RECORD_COMMENT_AS_FILTER=1 (which has not yet been implemented). Subsequently, each container would exclusively update records associated with its specified RECORD_COMMENT. Does this design appear suitable to you?

Thank you!

favonia avatar Jan 24 '25 08:01 favonia

@favonia Hi, thanks for the reply.

Yes, I manage a network with three different Internet connections, in load balancing/failover, with two dynamic and one semi-static IP address that I handle as if it was dynamic.

In the meantime I managed to set up the three-container approach with something like this.

```yaml
networks:
  macvlan-lan-internet-devices: # VLAN .1637 Tagged
    name: macvlan-lan-internet-devices
    driver: macvlan
    driver_opts:
      macvlan_mode: bridge
      parent: bond1.1637
    ipam:
      config:
        - subnet: 10.xxx.yyy.0/24
          ip_range: 10.xxx.yyy.12/30
          gateway: 10.xxx.yyy.1


x-cloudflare-ddns: &ddns
    image: favonia/cloudflare-ddns
    container_name: cloudflare-ddns
    restart: unless-stopped

    user: "1000:1000"                          # Run the updater with specific user and group IDs (in that order).
    cap_drop: [all]                            # Drop all other capabilities
    security_opt: [no-new-privileges:true]     # Another protection to restrict superuser privileges
    read_only: true                            # Make the container filesystem read-only

    # Anchored separately: "<<: *ddns" is a shallow merge, so a service that sets
    # its own "environment" key would otherwise replace this whole map.
    environment: &ddns-env
      PROXIED:        "false"                  # Quoted so YAML does not turn it into a boolean
      IP6_PROVIDER:   none
      RECORD_COMMENT: Generated/Updated by DDNS
    env_file:
      - secrets-cloudflare-ddns.env


services:

  cloudflare-ddns-isp1:
    <<: *ddns
    container_name: cloudflare-ddns-isp1
    environment:
      <<: *ddns-env                            # Keep the shared settings, then add the per-ISP record
      DOMAINS: 1.mailers.mydomain.tld
    networks:
      macvlan-lan-internet-devices:
        ipv4_address: 10.xxx.yyy.12

  cloudflare-ddns-isp2:
    <<: *ddns
    container_name: cloudflare-ddns-isp2
    environment:
      <<: *ddns-env
      DOMAINS: 2.mailers.mydomain.tld
    networks:
      macvlan-lan-internet-devices:
        ipv4_address: 10.xxx.yyy.13

  cloudflare-ddns-isp3:
    <<: *ddns
    container_name: cloudflare-ddns-isp3
    environment:
      <<: *ddns-env
      DOMAINS: 3.mailers.mydomain.tld
    networks:
      macvlan-lan-internet-devices:
        ipv4_address: 10.xxx.yyy.14
```

There is a policy routing configuration at the gateway so that traffic from 10.xxx.yyy.12, 10.xxx.yyy.13, 10.xxx.yyy.14 is routed using ISP1, ISP2, ISP3 only.

I know I can specify multiple domains in DOMAINS, but I think the IP address is detected using a single method and the same source interface / IP even if the container belongs to multiple networks and has several interfaces and IPs.

It would be nice if the IP of each domain could be detected using a potentially different network interface / source IP specified by a list in an environment variable.

But maybe it is not necessary. The three-container approach is working.

Btw, thanks for your work.

outofsight avatar Jan 24 '25 10:01 outofsight
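A check for the setup described in the comment above, added here as an example (it is not part of the thread or of cloudflare-ddns): it confirms that each source address really leaves through its own ISP and that each published record matches that egress address. Assumptions: Cloudflare's public `/cdn-cgi/trace` endpoint serves as the IP echo service, the `10.0.0.x` source addresses are placeholders for the redacted macvlan addresses, and the script runs on a machine that owns those addresses (binding to any other address raises `OSError`).

```python
import http.client
import socket

TRACE_HOST = "cloudflare.com"  # assumption: host used for the /cdn-cgi/trace IP echo

# Constructed sample of a trace response body (documentation-range address).
SAMPLE_TRACE = "fl=0f0\nh=cloudflare.com\nip=203.0.113.7\nts=1737712860.1\nloc=XX\n"

def parse_trace(body):
    """Parse the key=value lines of a trace response into a dict."""
    return dict(line.split("=", 1) for line in body.splitlines() if "=" in line)

def egress_ip(source_ip, timeout=10):
    """Public address the echo service sees when we connect from source_ip."""
    conn = http.client.HTTPSConnection(TRACE_HOST, timeout=timeout,
                                       source_address=(source_ip, 0))
    try:
        conn.request("GET", "/cdn-cgi/trace")
        return parse_trace(conn.getresponse().read().decode())["ip"]
    finally:
        conn.close()

def audit(expected, egress, resolved):
    """expected: source IP -> record name; egress: source IP -> public IP;
    resolved: record name -> published A value. Returns a list of problems."""
    problems, first_seen = [], {}
    for src, name in expected.items():
        ip = egress[src]
        if ip in first_seen:  # two sources share one uplink: policy routing is not separating them
            problems.append(f"{src} and {first_seen[ip]} both leave via {ip}")
        first_seen.setdefault(ip, src)
        if resolved.get(name) != ip:  # record is stale or was written by the wrong container
            problems.append(f"{name} is {resolved.get(name)}, but {src} leaves via {ip}")
    return problems

if __name__ == "__main__":
    # Placeholder source addresses: substitute the three macvlan addresses.
    expected = {
        "10.0.0.12": "1.mailers.mydomain.tld",
        "10.0.0.13": "2.mailers.mydomain.tld",
        "10.0.0.14": "3.mailers.mydomain.tld",
    }
    egress = {src: egress_ip(src) for src in expected}
    resolved = {name: socket.gethostbyname(name) for name in expected.values()}
    for line in audit(expected, egress, resolved) or ["each record matches its own ISP egress"]:
        print(line)
```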

@outofsight Thanks for the information. I'm already grappling with specifying per-host IPv6 addresses and would prefer to avoid further complicating the design at this point. I'm glad you found a solution. I was considering a more complex scenario where the updated records have the same domain name.

favonia avatar Jan 24 '25 20:01 favonia