Skip to content

Instantly share code, notes, and snippets.

@mueslo

mueslo/ddns_ud.sh

Last active October 16, 2025 08:46
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save mueslo/9258f8b75fe942d36eea4a6d67019f81 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save mueslo/9258f8b75fe942d36eea4a6d67019f81 to your computer and use it in GitHub Desktop.
Download ZIP
Dynamic A-Record DNS Updater for united-domains.de (OpenWRT/LEDE)
Raw
ddns_ud.sh
#!/bin/sh
# requires: wget, ca-certificates, grep, oath-toolkit
#rm -f /tmp/cookies.txt
cookiefile="/tmp/cookies.txt"
#domain should contain "domain_id-record_id"
domain_id=$(echo $domain | tr "-" "\n" | sed -n "1p")
record_id=$(echo $domain | tr "-" "\n" | sed -n "2p")
totp_seed="$param_opt"
form_csrf() {
echo "$1" | /bin/grep -oP -m 2 "(?<=<input type=\"hidden\" name=\"csrf\" value=\")[^\"]*(?=\"( /)?>)" | tail -1
}
meta_csrf() {
echo "$1" | /bin/grep -oP -m 1 "(?<=<meta name=\"csrf\" content=\")[^\"]*(?=\"( /)?>)"
}
script_csrf() {
echo "$1" | /bin/grep -oP -m 1 "(?<=\"CSRF_TOKEN\":\")[^\"]*(?=\")"
}
#csrf tokens for login + language xmlhttprequest required to login (nice try blocking my API access, UD)
loginpage=$(/usr/bin/wget --save-cookies $cookiefile --keep-session-cookies --delete-after -qO- "https://www.united-domains.de/login/")
csrf=$(form_csrf "$loginpage")
csrfmeta=$(meta_csrf "$loginpage")
csrfscript=$(script_csrf "$loginpage")
/usr/bin/wget --load-cookies $cookiefile --save-cookies $cookiefile --keep-session-cookies --delete-after --post-data "language=en-US" --header="HTTP-X-CSRF-TOKEN: $csrfmeta" --header="X-Csrf-Token: $csrfscript" --header="X-Requested-With: XMLHttpRequest" -qO- "https://www.united-domains.de/set-user-language"
#login
echo 'login'
payload="csrf=$csrf&email=$username&pwd=$password&selector=login&submit=Login"
loginresp=$(/usr/bin/wget --load-cookies $cookiefile --save-cookies $cookiefile --keep-session-cookies --post-data "$payload" -qO- "https://www.united-domains.de/login/")
echo "$loginresp" | grep -i "fehler" | cat
loginsucc=$(echo "$loginresp" | grep -c -i "fehler" | cat)
test 0 -eq "$loginsucc"
#totp
echo 'totp'
csrf=$(form_csrf "$loginresp")
totp_token=$(oathtool --totp -b "$totp_seed")
payload="csrf=$csrf&totp=$totp_token&submit=Login"
loginresp=$(/usr/bin/wget --load-cookies $cookiefile --save-cookies $cookiefile --keep-session-cookies --post-data "$payload" -qO- "https://www.united-domains.de/login/")
loginsucc=$(echo "$loginresp" | grep -c -i "fehler" | cat)
test 0 -eq "$loginsucc"
#get current dns record json object & modify ip
echo 'fetch'
record=$(/usr/bin/wget --load-cookies $cookiefile --save-cookies $cookiefile --keep-session-cookies -qO- "https://www.united-domains.de/pfapi/dns/domain/$domain_id/records")
#echo "got record: $record"
record=$(echo "$record" | jsonfilter -e "$[\"data\"][\"A\"][@.id=$record_id]" | sed "s/ //g" | sed "s/\"address\":\"[0-9.]\+\"/\"address\":\"$ipv4\"/g")
#echo "processed record: $record"
payload="{\"record\":$record,\"domain_lock_state\":{\"dns_locked\":false,\"dns_locked_by_own_ns\":false,\"domain_locked\":false,\"email_locked\":false,\"web_locked\":false}}"
url="https://www.united-domains.de/pfapi/dns/domain/$domain_id/records"
echo "payload $payload"
#send changes
echo 'post'
output=$(/usr/bin/wget --load-cookies $cookiefile --method=PUT --header=Content-Type:application/json --header="Http-X-Csrf-Token: $csrfmeta" --body-data=$payload -O- $url 2>&1)
update_exitcode=$?
echo "UD answered ($update_exitcode): $output"
write_log 7 "UD answered ($update_exitcode):\n$output"
return $update_exitcode
@mueslo
Copy link
Author

mueslo commented Sep 21, 2025
edited
Loading

Seems like 2FA via e-mail is now forced on for everyone. I have added TOTP functionality. Note that at least in my case, the record id of my dns record changed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment