GhostlyDDns for Cloudflare Dynamic DNS

GhostlyDDns keeps Cloudflare dynamic DNS under your control

Last Update 1/29/2026
Price
10 €Approximately $11.60

GhostlyDDns is a small .NET CLI that runs on your own machine and updates existing Cloudflare A and AAAA records when your public IP changes. It is useful for home servers, office networks, labs, and self-hosted services that need a stable domain without sending DNS control to another SaaS provider.

Choose an edition Review the setup Check the fit

Overview

Dynamic DNS solves the changing IP problem, not every hosting problem

Many home and small office internet connections get a new public IP from time to time. Dynamic DNS keeps a domain pointed at the current address so a VPN, dashboard, test site, or self-hosted app stays reachable. GhostlyDDns focuses on Cloudflare zones and updates the records you already created.

Cloudflare A records Cloudflare AAAA records Runs locally No telemetry

Fit check

Use GhostlyDDns when Cloudflare is your DNS source of truth

The best fit is a network where the public address can change, but the domain should keep working. If your router or hosting provider already handles the exact Cloudflare update you need, you may not need another agent.

Good fit

Where GhostlyDDns helps

  • You use Cloudflare DNS and already have the A or AAAA records you want to maintain.
  • Your home, office, lab, or fallback network gets a changing public IP.
  • You want the Cloudflare API token stored locally instead of inside a third-party DDNS service.
  • You need the same config style on Windows, Linux, or Linux ARM.
Poor fit

Where another DDNS path is simpler

  • Your internet provider gives you a static public IP and DNS rarely changes.
  • Your router already updates Cloudflare safely with scoped credentials and useful logs.
  • You need a hosted dashboard, team access controls, alerts, and managed support.
  • You expect the tool to create Cloudflare records from nothing in version one.
Table of Content

Cloudflare updates

GhostlyDDns updates only when your public IP actually changes

The agent checks your public IPv4 and IPv6 addresses, compares them with the last known value, and then calls the Cloudflare API only when an A or AAAA record needs a new target. This keeps the update loop quiet and avoids unnecessary API traffic.

IPv4

A records follow the current IPv4 address

Use A records for IPv4 services such as a home VPN endpoint, small dashboard, reverse proxy, or test site.

IPv6

AAAA records can follow IPv6 when your host has it

Enable IPv6 only when the machine has a stable routed IPv6 path. Otherwise keep the IPv6 detector disabled.

API

Cloudflare calls stay change-aware

GhostlyDDns compares values first and updates Cloudflare only when the DNS target should change.

Privacy and safety

Local execution keeps the sensitive parts close to your network

GhostlyDDns does not need a hosted control panel. Your Cloudflare API token stays on the machine that runs the agent, logs stay local, and the update loop can run behind your own firewall, scheduler, or systemd service.

Token scope

Use the smallest useful Cloudflare API token

Limit the token to the zone and DNS edit permissions GhostlyDDns actually needs. Do not reuse an account-wide token for a simple DDNS job.

Local config

Protect the YAML file like a secret

The config can contain the Cloudflare API token. Keep file permissions tight and avoid pasting it into screenshots, tickets, or public logs.

No SaaS control

The update loop runs where you place it

GhostlyDDns does not require an external control panel. Your scheduler, firewall, logs, and retry policy remain part of your own setup.

Operational checks

Monitor failures, not every normal run

A quiet successful run is expected. Watch non-zero exit codes, repeated Cloudflare failures, and detection endpoints that stop responding.

Setup flow

The reliable path is zone first, token second, scheduler third

A clean DDNS setup is mostly preparation. Create the record, scope the Cloudflare token to the zone, test a dry run, and then place the agent into the scheduler that fits your operating system.

01

Create the record

Add the A or AAAA record in Cloudflare first, choose the proxy mode, and use a temporary hostname while testing.

02

Scope the token

Create a Cloudflare API token that can edit DNS for the intended zone and nothing broader.

03

Run a dry check

Use the dry command to confirm the config, record names, detectors, and Cloudflare access before a live update.

04

Schedule the agent

Run once from a timer or run continuously as a service, then check logs and exit codes during the first few IP changes.

Configuration

One YAML file describes the token, records, interval, IP detection, and logs

Keep the configuration simple and reviewable. Store the token securely, set the polling interval to match your needs, enable IPv6 only when the host has a real IPv6 route, and list every Cloudflare record that should follow the public IP.

Core CLI commands

Use dry runs before enabling a repeating job. They show what GhostlyDDns would update without turning the first setup into a blind production change.

CLI
ghostly-ddns init-config --path ./config.yaml
ghostly-ddns dry --config ./config.yaml
ghostly-ddns once --config ./config.yaml
ghostly-ddns run --config ./config.yaml
ghostly-ddns --help
ghostly-ddns --version

Example YAML config

The exact values depend on your Cloudflare zone and record names, but the shape stays small enough for normal code review.

YAML
cloudflare:
  api_token: CF_API_TOKEN

update:
  interval_seconds: 120

ip_detection:
  detect_ipv4: true
  detect_ipv6: false
  v4_endpoints:
    - https://api.ipify.org
    - https://ipv4.icanhazip.com
  v6_endpoints:
    - https://api6.ipify.org

logging:
  retention_days: 30

records:
  - name: home.example.com
    type: A
    proxied: true
    ttl: auto

Deployment

Run GhostlyDDns like a small infrastructure service

For Linux, a systemd service and timer make the agent easy to restart and audit. For Windows, Task Scheduler can run the same command on a fixed interval. In both cases, logs should be easy to find and the config file should not be world-readable.

Linux systemd timer

Use a dedicated service account where possible and keep the config in a protected directory.

systemd
[Unit]
Description=Run GhostlyDDns

[Service]
Type=oneshot
ExecStart=/usr/local/bin/ghostly-ddns once --config /etc/GhostlyDDns/config.yaml

[Timer]
OnBootSec=60
OnUnitActiveSec=120
Unit=ghostly-ddns.service

[Install]
WantedBy=timers.target

Windows Task Scheduler

Run the same CLI command every few minutes and monitor non-zero exit codes in your normal operations workflow.

Task Scheduler
schtasks /Create ^
  /SC MINUTE /MO 5 ^
  /TN "GhostlyDDns" ^
  /TR "C:\GhostlyDDns\ghostly-ddns.exe once --config C:\GhostlyDDns\config.yaml" ^
  /RL HIGHEST ^
  /F

Editions

Choose the build that matches where the DDNS agent will run

Each license covers GhostlyDDns one dot x updates for the selected edition. Pick Windows for a small office machine, Linux for a VPS or home server, or Linux ARM for low-power devices that should keep DNS current all day.

Desktop or office

Windows

Use this when a Windows machine stays online and should keep a Cloudflare record current for a small network.

Open Windows edition
Server

Linux

Use this for a VPS, home server, lab box, or reverse proxy host that already runs unattended services.

Open Linux edition
Low power

Linux ARM

Use this for ARM64 devices that are always on and can run a small DDNS agent with low overhead.

Open Linux ARM edition

Get started

Start with one test record before you automate production DNS

Create a temporary subdomain, run GhostlyDDns in dry mode, confirm the Cloudflare token can only edit the intended zone, and then move the same config shape to the record that matters.

Get Windows edition Get Linux edition

FAQ

What does GhostlyDDns automate?

GhostlyDDns updates existing Cloudflare A and AAAA records when your public IPv4 or IPv6 address changes. It does not replace Cloudflare DNS or create a hosting platform.

Does GhostlyDDns create new Cloudflare records?

Version one is intended to update records that already exist. Create the DNS records in Cloudflare first, then let GhostlyDDns keep their targets current.

Where should I store the Cloudflare API token?

Store the token on the machine that runs GhostlyDDns and protect the YAML file with restrictive permissions. The token should only be able to edit DNS for the intended zone.

Can GhostlyDDns update IPv6 records?

Yes. Enable IPv6 detection when the host has a real routed IPv6 address. GhostlyDDns can update AAAA records when the detected IPv6 address changes.

When is provider DDNS enough?

Provider DDNS can be enough when your router or hosting provider already updates Cloudflare safely, supports the records you need, and gives you logs you trust.

How often should the agent run?

A short interval such as two to five minutes is common for home and office networks. Use a longer polling interval when fast failover is not important.