Last active
October 16, 2025 08:46
-
-
Save mueslo/9258f8b75fe942d36eea4a6d67019f81 to your computer and use it in GitHub Desktop.
Dynamic A-Record DNS Updater for united-domains.de (OpenWRT/LEDE)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # requires: wget, ca-certificates, grep, oath-toolkit | |
| #rm -f /tmp/cookies.txt | |
| cookiefile="/tmp/cookies.txt" | |
| #domain should contain "domain_id-record_id" | |
| domain_id=$(echo $domain | tr "-" "\n" | sed -n "1p") | |
| record_id=$(echo $domain | tr "-" "\n" | sed -n "2p") | |
| totp_seed="$param_opt" | |
| form_csrf() { | |
| echo "$1" | /bin/grep -oP -m 2 "(?<=<input type=\"hidden\" name=\"csrf\" value=\")[^\"]*(?=\"( /)?>)" | tail -1 | |
| } | |
| meta_csrf() { | |
| echo "$1" | /bin/grep -oP -m 1 "(?<=<meta name=\"csrf\" content=\")[^\"]*(?=\"( /)?>)" | |
| } | |
| script_csrf() { | |
| echo "$1" | /bin/grep -oP -m 1 "(?<=\"CSRF_TOKEN\":\")[^\"]*(?=\")" | |
| } | |
| #csrf tokens for login + language xmlhttprequest required to login (nice try blocking my API access, UD) | |
| loginpage=$(/usr/bin/wget --save-cookies $cookiefile --keep-session-cookies --delete-after -qO- "https://www.united-domains.de/login/") | |
| csrf=$(form_csrf "$loginpage") | |
| csrfmeta=$(meta_csrf "$loginpage") | |
| csrfscript=$(script_csrf "$loginpage") | |
| /usr/bin/wget --load-cookies $cookiefile --save-cookies $cookiefile --keep-session-cookies --delete-after --post-data "language=en-US" --header="HTTP-X-CSRF-TOKEN: $csrfmeta" --header="X-Csrf-Token: $csrfscript" --header="X-Requested-With: XMLHttpRequest" -qO- "https://www.united-domains.de/set-user-language" | |
| #login | |
| echo 'login' | |
| payload="csrf=$csrf&email=$username&pwd=$password&selector=login&submit=Login" | |
| loginresp=$(/usr/bin/wget --load-cookies $cookiefile --save-cookies $cookiefile --keep-session-cookies --post-data "$payload" -qO- "https://www.united-domains.de/login/") | |
| echo "$loginresp" | grep -i "fehler" | cat | |
| loginsucc=$(echo "$loginresp" | grep -c -i "fehler" | cat) | |
| test 0 -eq "$loginsucc" | |
| #totp | |
| echo 'totp' | |
| csrf=$(form_csrf "$loginresp") | |
| totp_token=$(oathtool --totp -b "$totp_seed") | |
| payload="csrf=$csrf&totp=$totp_token&submit=Login" | |
| loginresp=$(/usr/bin/wget --load-cookies $cookiefile --save-cookies $cookiefile --keep-session-cookies --post-data "$payload" -qO- "https://www.united-domains.de/login/") | |
| loginsucc=$(echo "$loginresp" | grep -c -i "fehler" | cat) | |
| test 0 -eq "$loginsucc" | |
| #get current dns record json object & modify ip | |
| echo 'fetch' | |
| record=$(/usr/bin/wget --load-cookies $cookiefile --save-cookies $cookiefile --keep-session-cookies -qO- "https://www.united-domains.de/pfapi/dns/domain/$domain_id/records") | |
| #echo "got record: $record" | |
| record=$(echo "$record" | jsonfilter -e "$[\"data\"][\"A\"][@.id=$record_id]" | sed "s/ //g" | sed "s/\"address\":\"[0-9.]\+\"/\"address\":\"$ipv4\"/g") | |
| #echo "processed record: $record" | |
| payload="{\"record\":$record,\"domain_lock_state\":{\"dns_locked\":false,\"dns_locked_by_own_ns\":false,\"domain_locked\":false,\"email_locked\":false,\"web_locked\":false}}" | |
| url="https://www.united-domains.de/pfapi/dns/domain/$domain_id/records" | |
| echo "payload $payload" | |
| #send changes | |
| echo 'post' | |
| output=$(/usr/bin/wget --load-cookies $cookiefile --method=PUT --header=Content-Type:application/json --header="Http-X-Csrf-Token: $csrfmeta" --body-data=$payload -O- $url 2>&1) | |
| update_exitcode=$? | |
| echo "UD answered ($update_exitcode): $output" | |
| write_log 7 "UD answered ($update_exitcode):\n$output" | |
| return $update_exitcode |
Author
Seems like 2FA via e-mail is now forced on for everyone. I have added TOTP functionality. Note that at least in my case, the record id of my dns record changed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@rapkin61 I went to cloudflare. No need to transfer your Domain. Just add it to the Dashboard and set the NS records. If you want to keep mail functionality, set it accordingly in the UD settings and set the MX records as shown in the instructions.
Never had any trouble with it after going that route. And much stuff has integration for Cloudflare like certbot.