Release
Quality
Repository
Reference

---

hetzner-dyndns

A proxy server for updating DNS records on Hetzner DNS using the DynDNS protocol.

Usage

Prerequisites

• A DNS zone managed by Hetzner DNS
• An API token for the Hetzner DNS API (obtainable from the Hetzner DNS Console)
• A DynDNS client (e.g. a router) that supports the DynDNS protocol
• A server with a static IP address that is reachable from the internet to run the proxy server on

Set up the server

Start the server by running the provided binary from the latest release or using the Docker image marvinruder/hetzner-dyndns:

docker run -p 8245:8245 -e ZONE=example.com -e TOKEN=eWVzLCBpIGFtIGEgdG9rZW4= marvinruder/hetzner-dyndns:latest

A Docker Compose setup could look like this:

services:
  hetzner-dyndns:
    image: marvinruder/hetzner-dyndns:latest
    ports:
      - 8245:8245
    environment:
      ZONE: example.com
      TOKEN: eWVzLCBpIGFtIGEgdG9rZW4=

The server uses plain HTTP on port 8245. It is recommended to use a reverse proxy like nginx to add HTTPS support. A different port can also be configured using the reverse proxy or Docker.

The following environment variables are supported, none of which are required:

Variable	Description
COLOR	Whether the log output should be colored. Set to true to enforce colored output, or false to enforce plain output. If not provided, the output will be colored if the output is a terminal.
ZONE	The DNS zone to use. The zone must still be provided as the username in every client request, but only those with the configured zone will be forwarded to Hetzner DNS API. If not provided, requests with any zone will be accepted.
TOKEN	The token to use for authentication against the Hetzner DNS API. The token must still be provided as the password in every client request, but only those with the configured token will be forwarded to Hetzner DNS API. If not provided, requests with any token will be accepted.
LOG_LEVEL	The minimum level of messages to log. Messages with lower levels will be discarded. Possible values are ERROR, WARN, INFO (the default) and DEBUG.

Configure a client

To update a DNS record, configure your DynDNS client (e.g. a router) to use

• the DNS zone (e.g. example.com) as the username,
• the token (e.g. eWVzLCBpIGFtIGEgdG9rZW4=) as the password,
• the desired dynamic hostname (e.g. home.example.com) as the hostname,
• the hostname or public IP address of the server (e.g. dyndns.example.com) as the update server address,
• the port of the server (default: 8245) as the update server port, and
• HTTP as the update protocol (or HTTPS if you use a reverse proxy with HTTPS support, which is recommended).

Your client will take care of identifying changes in its public IP address and sending the appropriate requests to the server, keeping the DNS record up to date.

Documentation

A detailed description of the DynDNS protocol is published by Oracle here.

Limitations of this implementation

• Only the HTTP GET method is implemented.
• Query parameters other than hostname and myip are not implemented.
• Only one hostname can be updated per request.
• It is not checked whether a request contains a valid User-Agent header.

Contribute

Contributions are welcome!

License

This software is provided under the conditions of the MIT License.

Authors

• Marvin A. Ruder (he/him)