Forge Home


Install ipv6 dyndns client and/or server

Florian Heinle



4,881 latest version

4.7 quality score

Version information

  • 0.1.0 (latest)
released Mar 31st 2018
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 6.0.0
  • Debian

Start using this module


fheinle/ddns — version 0.1.0 Mar 31st 2018


This module will install ddnsv6, a client/server-combo that collects ipv6 addresses from hosts and uploads those as AAAA records to CloudFlare.

Table of Contents


What ddnsv6 affects

  • Checks out the git repo and installs ruby dependencies
  • Creates a system user
  • Creates config files on server and client hosts
  • Creates a whitelist on the server that contains all client hostnames
  • Installs a cronjob on the client that uploads IPs and a cronjob on the server that updates AAAA-record

Setup requirements

  • (At least) two hosts: one server and (at least) one client
  • IPv6 connectivity in your network
  • working PuppetDB
  • CloudFlare account that manages DNS for a domain
  • Strongly recommended: webserver that handles SSL termination and authentication


This is a basic puppet manifest that will install client and server when included for your hosts:

$ddns_server         = lookup('ddns::ddns_server', String)
$client_password     = lookup('ddns::client_password', String)
$cloudflare_user     = lookup('ddns::cloudflare_user', String)
$cloudflare_password = lookup('ddns::cloudflare_password', String)

include ::ddns
if $install_client == true {
    class { '::ddns::client':
        ddns_server     => $ddns_server,
        client_password => $client_password,
} elsif $install_server == true {
    class { ':ddns::server':
        domain_whitelist    = [$facts['domain']],
        cloudflare_user     = $cloudflare_user,
        cloudflare_password = $cloudflare_password

The variables referenced at the manifest's head need to be set in Hiera, of course. Additionally, in order to use authentication and SSL, a webserver that serves the server's sinatra web app needs to be set up (out of scope for this README).


Class ::ddns

Handles basic installation, creates the system user, checks out the tool's github repo and installs ruby dependencies.


  • install_directory (String): Where to check out the script repo
  • install_repo (String): Repo URL to check out
  • install_version (String): Git branch name, tag name or revision to check out
  • ddns_user(String): Username that should be used for the script
  • create_ddns_user (Boolean): Whether to create the system user. If false, needs to be created somewhere else (maybe with your directory services)

Class ::ddns::client

Configures the client, creates the client's cronjob and the whitelist fragment for the host.


  • ddns_server (String): Hostname for communication with the server
  • ddns_server_ssl (Boolean) Default: true: Whether to use SSL for communication with the server
  • ddns_server_port (Integer) Default: 443: Port number to use for communication with the server
  • client_username (String) Default: ddns: Username for HTTP authentication
  • client_password (String): Password for HTTP authentication
  • ipv6_prefix (String): IPv6 prefix the address must match to be transmitted to the server (without network part, e.g. 2001)

Class ::ddns::server

Configures the server, installs ruby dependencies for the server, installs the worker's cronjob and creates the host whitelist.


  • domain_whitelist (Array): List of domains that are managed by the server
  • cloudflare_user (String): CloudFlare username
  • cloudflare_password (String): CloudFlare API-Key
  • ipv6_prefix (String): IPv6 prefix the address must match to be transmitted to the server (without network part, e.g. 2001)


  • Currently the setup only cares about authentication but not about authorization. I.e. there's no checks if hosts that send update notices to the server are actually allowed to send those updates. This setup assumes the clients are trustworthy.
  • Webserver vhost creation for handling SSL and authentication must be done separately.