When configuring Dynamic DNS updates through CloudFlare's API in DD-WRT, many users encounter the 303 redirect issue where the response isn't properly handled by the router's inadyn client. The core problem lies in how DD-WRT's implementation processes HTTP redirect responses.
CloudFlare's API returns a 303 See Other response with the actual API call in the Location header. While this works in browsers, DD-WRT's inadyn client fails to follow the redirect properly. Here's what the response looks like:
HTTP/1.1 303 See Other
Location: https://www.cloudflare.com/api.html?a=DIUP&u=USER&tkn=TOKEN&ip=IP&hosts=RECORD
Instead of using the built-in inadyn service, we can create a custom script that handles the redirect properly. Here's a bash script alternative:
#!/bin/sh
USER="your@email.com"
TOKEN="your_api_token"
RECORD="subdomain.yourdomain.com"
IP=$(curl -s https://api.ipify.org)
curl -4 -s "https://www.cloudflare.com/api.html?a=DIUP&u=$USER&tkn=$TOKEN&ip=$IP&hosts=$RECORD"
For users who prefer using ddclient instead of custom scripts:
# ddclient.conf
daemon=300
syslog=yes
pid=/var/run/ddclient.pid
ssl=yes
protocol=cloudflare, \
server=www.cloudflare.com, \
login=your@email.com, \
password=your_api_token, \
zone=yourdomain.com, \
subdomain.subdomain
When working with API tokens:
- Never hardcode credentials in scripts
- Use token with minimal required permissions
- Consider IP restriction for API tokens
- Rotate tokens periodically
Before implementing in production, test your setup with:
ddclient -daemon=0 -debug -verbose -noquiet
This will show you the raw API communication and help identify any remaining issues.
When configuring CloudFlare's Dynamic DNS with DD-WRT's inadyn client, users frequently encounter the "Error validating DYNDNS svr answer" despite having correct credentials. The issue stems from how inadyn handles CloudFlare's API response format.
CloudFlare's API returns a 303 redirect response containing the actual API URL in the Location header, but inadyn expects the API response directly. Here's the problematic flow:
HTTP/1.1 303 See Other
Location: https://www.cloudflare.com/api.html?a=DIUP&u=USER&tkn=TOKEN&ip=IP&hosts=RECORDFor DD-WRT v24-sp2, use this custom inadyn configuration:
--dyndns_system custom@https://www.cloudflare.com/api.html
--username your_login
--password your_token
--alias your_record.example.com
--server www.cloudflare.com
--ip_server checkip.dyndns.org/,/
--update_period_sec 300
--forced_update_period 3600
--backgroundOption 1: Modify the DD-WRT source to handle 303 responses:
// In inadyn/src/http.c
if (status_code == 303) {
parse_location_header(response);
follow_redirect();
}Option 2: Use curl script as a cron job alternative:
#!/bin/sh
IP=$(curl -s checkip.dyndns.org | sed -n 's/.*Current IP Address: $[0-9.]*$.*/\1/p')
curl "https://www.cloudflare.com/api.html?a=DIUP&u=USER&tkn=TOKEN&ip=$IP&hosts=RECORD"- Enable verbose logging in DD-WRT:
--verbose 5 - Verify API response format with:
curl -v "https://www.cloudflare.com/api.html?a=DIUP..." - Check inadyn version compatibility: requires v1.96-ADV or later
When storing API tokens:
chmod 600 /tmp/ddns_cloudflare.conf
use HTTPS exclusively
implement IP whitelisting in CloudFlare dashboard