Skip to content

deSEC DDNS update


A simple yet effective RouterOS script that updates a deSEC.io domain name with the latest WAN IPv4 and IPv6 addresses. It uses deSEC's API to push updates.


DOWNLOAD

▶️ deSEC DDNS script for Mikrotik RouterOS


▶️ deSEC DDNS script for Shell
Added for future usage. Mainly for limited Linux OS.


REQUIREMENTS

  • ✔️ Mikrotik device that supports scripts

    The script may require recent RouterOS to work properly. Make sure you have the latest updates installed before you begin.

  • ✔️ Active DNS domain name at deSEC.io

    The deSEC DNS name must have at least an appropriate IPv4 or IPv6 address before the script is run.

  • ✔️ A valid token for the deSEC domain name


  • For Shell
    ☑️ Curl, Dig, Awk, Logger


SETUP

1. After downloading the script, look at its header and change the deSEC values in between the quotes to match your own configuration.

#--- MODIFY THE NEXT VALUES IN THE SCRIPT AS NEEDED ---

# deSEC domain
:local desecDomain "## DOMAIN NAME ##"

# deSEC DNS Token
:local desecToken "## DESEC TOKEN ##"

# WAN interface name
:local wanInterface "## WAN INTERFACE NAME ##"


2. You can add the script via Terminal (CLI) or WINBOX. If you are familiar with Mikrotik systems, simply copy the script source to your Mikrotik device.


Terminal:

  • Add the script source contents using /system/script/add.
/system/script/add name=deSEC_DDNS policy=test,read source={## COPY THE CONTENTS INBETWEEN THESE BRACES ##}


WINBOX:

  • Go to System > Scripts
  • Select the Add (➕) button
    • Name the script deSEC_DDNS
    • Select policies read and test
    • Copy the script contents into the source box
    • Add a comment if you whish, and select OK

Add deSEC DDNS Script


3. Run the script for the first time to test if the update is successful.

4. Create a schedule to run the script.

5. Look in the system log for messages from the script. They start with deSEC DDNS.

Sample: 

[@MikroTik] > log/print where message~"deSEC DDNS"
03-25 00:23:43 script,info deSEC DDNS: dedyn.io DDNS Update START
03-25 00:23:43 script,warning deSEC DDNS: "domain.name" IPv4 (X.X.X.X) differs from current WAN IPv4 (Y.Y.Y.Y) - Sending update
03-25 00:23:45 script,info deSEC DDNS: "domain.name" updated successfully to Y.Y.Y.Y - Y:Y:Y::Y
03-25 00:23:45 script,info deSEC DDNS: dedyn.io DDNS Update END
03-25 00:30:00 script,info deSEC DDNS: dedyn.io DDNS Update START
03-25 00:30:00 script,info deSEC DDNS: "domain.name" IPv4 (Y.Y.Y.Y) equals to current WAN IPv4 (Y.Y.Y.Y) - Update not required
03-25 00:30:00 script,info deSEC DDNS: dedyn.io DDNS Update END


LIMITATIONS

⚠️ The script can only update one IP stack at a time. The provided WAN interface must have only one valid IPv4 and one global IPv6.

⚠️ If the DNS name exists, but with no appropriate IP, the script will fail due to a limited resolve command from RouterOS. Set the first IP manually.

⚠️ The domain's IPv6 address will not be validated due to a restricted resolve command from RouterOS.

⚠️ The script does not recognize HTTP error codes due to a restricted fetch command from RouterOS. Authentication failures are not detected.