Skip to content

How to Keep Subdomain DNS Pointing to Correct Public IP


This article will outline the need for keeping the public IP address of subdomain records up to date. This is done for the domain record via Dynamic DNS by way of pfSense, although the wildcard does not work as intended, creating a challenge where the root domain is updated, but the subdomains are not. (1)

  1. Because of the current network configuration, the subdomains are reliant on obtaining the proper public IP address of the WAN interface, and not the Mullvad (VPN) interface. This forces the Raspberry Pi to need to reside on VLAN20 in order to obtain the proper public IP address.

To deal with this effectively, ddclient will be installed on a Raspberry Pi Zero W. It will be set to run every 5 minutes. The guide below will also outline how to change this if necessary.


In order to install ddclient, open a terminal and run the following:

sudo apt install ddclient libjson-any-perl ssh libio-socket-ssl-perl -y

Once this has been installed, the install location can be found at /usr/sbin/ddclient, while the configuration file can be found at /etc/ddclient.conf.

This is important to make note of as it will come into play when configuring crontab.

Open the configuration file with the following syntax and ensure the configuration file looks as follows:

sudo nano /etc/ddclient.conf

# Configuration file for ddclient generated by debconf
# /etc/ddclient.conf

web-skip="IP Address"

## Cloudflare (
protocol=cloudflare,                            \
ssl=yes                                 \,                      \,                           \
login=${{ email_address }},                     \
password= ${{ password }}                     \,        #add all applicable subdomains

The settings within the configuration file can be tested with the following syntax:

sudo ddclient -daemon=0 -debug -verbose =noquiet

If the output is nearly continuous without manually cancelling the job, it likely means the settings are correct. If not, one or more errors may be thrown with much less output.

Setting up a Cronjob

Open a new/existing crontab by using:

sudo crontab -e -u root

Scroll down and enter the following on a new line:

*/5 * * * * /usr/sbin/ddclient --force

The length of time can be adjusted as needed, although the above code will set the crontab to execute every 5 minutes. This means that if the public IP changes at any point, the new IP address will be sent to Cloudflare within 5 minutes, keeping downtime to a minimum.

The crontab will automatically reload as soon as the editor is exited, however, it can always be reloaded with the following:

sudo service cron reload

Restart ddclient and check the status with the following:

sudo service ddclient restart && sudo service ddclient status

The status should now be listed as Active. The ddclient service can additionally be run at any time by using:

sudo ddclient

While the setup can be done with reasonable certainty that it will continue running as it should, if the cron job fails, it will fail silently, At this point, the only way of knowing it failed is if one or more services go down. This is where comes into play. The service can be setup to monitor a certain cron job at a particular interval with a unique link inserted into the crontab configuration.

Using the above as an example, the crontab line would look as follows:

*/5 * * * * /usr/sbin/ddclient --force && curl -fsS --retry 3 > /dev/null