GhostlyDDns for Cloudflare Dynamic DNS

GhostlyDDns keeps Cloudflare dynamic DNS under your control

Last Update 29/01/2026

Price

10 €Approximately £8.64

GhostlyDDns is a compact .NET CLI tool running locally that updates existing Cloudflare A and AAAA records when your public IP changes. Ideal for home servers, office networks, labs, and self-hosted services needing a stable domain without handing DNS control to third-party SaaS.

Select an edition Review the setup Check suitability

GhostlyDDns Local DNS update cycle

Cloudflare record home.example.com A / AAAA

1
Detect Retrieve the current public IPv4 or IPv6 address from configured endpoints.
2
Compare Skip updates if the address is unchanged to avoid excessive Cloudflare API calls.
3
Update Update the chosen A or AAAA record only if the target IP has changed.
4
Log Maintain local diagnostics for schedulers, services, and production monitoring.

Summary

Dynamic DNS addresses changing IPs, not all hosting challenges

Many home and small office internet connections receive new public IPs periodically. Dynamic DNS keeps a domain pointed at the current address so VPNs, dashboards, test sites, or self-hosted apps remain accessible. GhostlyDDns targets Cloudflare zones and updates your existing records.

Cloudflare A records Cloudflare AAAA records Runs locally No telemetry

Suitability check

Use GhostlyDDns if Cloudflare is your authoritative DNS provider

Ideal for networks with changing public addresses where the domain must remain accessible. If your router or host already manages the required Cloudflare updates, an additional agent may be unnecessary.

Suitable option

Where GhostlyDDns is useful

You use Cloudflare DNS and already have the A or AAAA records to maintain.
Your home, office, lab, or backup network has a changing public IP.
You prefer the Cloudflare API token stored locally rather than in a third-party DDNS service.
You need a consistent config style across Windows, Linux, and Linux ARM.

Unsuitable

When another DDNS method is simpler

Your internet provider assigns a static public IP and DNS seldom changes.
Your router already updates Cloudflare securely with scoped credentials and reliable logs.
You require a hosted dashboard, team access controls, alerts, and managed support.
You expect the tool to create Cloudflare records from scratch in version one.

Contents

Cloudflare updates

GhostlyDDns updates only when your public IP changes

The agent checks your public IPv4 and IPv6 addresses, compares them to the last known values, and calls the Cloudflare API only when an A or AAAA record requires updating. This keeps the update loop quiet and reduces unnecessary API traffic.

IPv4

A records track the current IPv4 address

Use A records for IPv4 services like a home VPN endpoint, small dashboard, reverse proxy, or test site.

IPv6

AAAA records can track IPv6 if your host supports it

Enable IPv6 only if the machine has a stable routed IPv6 connection; otherwise, keep IPv6 detection off.

API

Cloudflare calls remain aware of changes

GhostlyDDns compares values first, updating Cloudflare only if the DNS target needs changing.

Privacy and security

Running locally keeps sensitive components close to your network

GhostlyDDns requires no hosted control panel. Your Cloudflare API token remains on the local machine, logs stay local, and the update loop runs behind your firewall, scheduler, or systemd service.

Token scope

Use the minimal necessary Cloudflare API token

Restrict the token to the zone and DNS edit rights GhostlyDDns requires. Avoid using an account-wide token for a simple DDNS task.

Local configuration

Protect the YAML file as a secret

The config may include the Cloudflare API token. Maintain strict file permissions and avoid sharing it in screenshots, tickets, or public logs.

No SaaS control

The update loop operates wherever you deploy it

GhostlyDDns doesn’t need an external control panel. Your scheduler, firewall, logs, and retry policies stay within your setup.

Operational checks

Monitor failures rather than every routine run

A silent successful run is the goal. Monitor for non-zero exit codes, repeated Cloudflare errors, and detection endpoints that cease responding.

Setup process

The reliable sequence is zone first, then token, followed by scheduler

Setting up DDNS cleanly is mostly about preparation. Create the record, restrict the Cloudflare token to the zone, perform a dry run, then schedule the agent according to your operating system.

Create the record

Add the A or AAAA record in Cloudflare first, select the proxy mode, and use a temporary hostname during testing.

Restrict the token

Create a Cloudflare API token limited to DNS edits for the specific zone only.

Perform a dry run

Use the dry command to verify config, record names, detectors, and Cloudflare access before live updates.

Schedule the agent

Run once via a timer or continuously as a service, then monitor logs and exit codes during initial IP changes.

Configuration

A single YAML file defines the token, records, interval, IP detection, and logs

Keep configuration straightforward and auditable. Securely store the token, set polling intervals to your needs, enable IPv6 only if the host has a genuine IPv6 route, and list all Cloudflare records to track the public IP.

Core CLI commands

Use dry runs before enabling recurring jobs to preview what GhostlyDDns would update, avoiding blind production changes.

CLI

ghostly-ddns init-config --path ./config.yaml
ghostly-ddns dry --config ./config.yaml
ghostly-ddns once --config ./config.yaml
ghostly-ddns run --config ./config.yaml
ghostly-ddns --help
ghostly-ddns --version

Example YAML configuration

Exact values depend on your Cloudflare zone and record names, but the format remains compact for standard code review.

YAML

cloudflare:
  api_token: CF_API_TOKEN

update:
  interval_seconds: 120

ip_detection:
  detect_ipv4: true
  detect_ipv6: false
  v4_endpoints:
    - https://api.ipify.org
    - https://ipv4.icanhazip.com
  v6_endpoints:
    - https://api6.ipify.org

logging:
  retention_days: 30

records:
  - name: home.example.com
    type: A
    proxied: true
    ttl: auto

Deployment

Run GhostlyDDns as a lightweight infrastructure service

On Linux, a systemd service and timer simplify restarting and auditing the agent. On Windows, Task Scheduler can run the command at set intervals. In both cases, logs should be accessible and the config file secured from public access.

Linux systemd timer

Use a dedicated service account where possible and store the config in a secure directory.

systemd

[Unit]
Description=Run GhostlyDDns

[Service]
Type=oneshot
ExecStart=/usr/local/bin/ghostly-ddns once --config /etc/GhostlyDDns/config.yaml

[Timer]
OnBootSec=60
OnUnitActiveSec=120
Unit=ghostly-ddns.service

[Install]
WantedBy=timers.target

Windows Task Scheduler

Execute the same CLI command every few minutes and watch for non-zero exit codes in your routine operations.

Task Scheduler

schtasks /Create ^
  /SC MINUTE /MO 5 ^
  /TN "GhostlyDDns" ^
  /TR "C:\GhostlyDDns\ghostly-ddns.exe once --config C:\GhostlyDDns\config.yaml" ^
  /RL HIGHEST ^
  /F

Editions

Select the build matching the DDNS agent’s environment

Each licence covers GhostlyDDns updates for one major version of the chosen edition. Choose Windows for a small office PC, Linux for a VPS or home server, or Linux ARM for low-power devices that need continuous DNS updates.

Desktop or office

Windows

Use this when a Windows PC remains online and should maintain a Cloudflare record for a small network.

Open Windows edition

Server

Linux

Use this for a VPS, home server, lab machine, or reverse proxy host running unattended services.

Open Linux edition

Low power

Linux ARM

Use this for ARM64 devices that run continuously and can host a lightweight DDNS agent.

Open Linux ARM edition

Get started

Begin with a test record before automating production DNS

Create a temporary subdomain, run GhostlyDDns in dry mode, verify the Cloudflare token edits only the intended zone, then apply the same config to the actual record.

Download Windows edition Download Linux edition

Frequently Asked Questions

GhostlyDDns FAQ

Brief answers on Cloudflare records, API tokens, IPv6, schedules, logs, and when provider DDNS might suffice.

What does GhostlyDDns automate?

GhostlyDDns updates existing Cloudflare A and AAAA records when your public IPv4 or IPv6 address changes. It does not replace Cloudflare DNS or provide hosting services.

Does GhostlyDDns create new Cloudflare records?

Version one updates existing records. Create DNS records in Cloudflare first, then let GhostlyDDns maintain their targets.

Where should I keep the Cloudflare API token?

Keep the token on the machine running GhostlyDDns and secure the YAML file with strict permissions. The token should only edit DNS for the designated zone.

Can GhostlyDDns update IPv6 records?

Yes. Enable IPv6 detection if the host has a genuine routed IPv6 address. GhostlyDDns can update AAAA records when the IPv6 address changes.

When is provider DDNS sufficient?

Provider DDNS may suffice if your router or hosting provider safely updates Cloudflare, supports needed records, and provides trustworthy logs.

How frequently should the agent run?

A brief interval of two to five minutes is typical for home and office networks. Opt for a longer polling interval if rapid failover isn’t critical.