Skip to content
A small app that updates Gandi DNS records from any Cisco router/firewall or device that can send its pubblic IP over GET requests or POST
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


This simple app, lets you dynamicaly update a DNS record on Gandi registrar using any Cisco router, Cisco ASA firewall (with some restrictions) or device that is able to send its pubblic IP and fqdn (hostname + domain name) through a GET or POST request like dd-wrt, openwrt pfsense, freenas, Synology and many others.

From 0 to running

Download the app


  • Install bottlepy pip install bottle
  • Rename or copy 'config-test.json' to 'config.json'.



Default config looks like this:

  • port- The HTTP port to listen on
  • bind- The address that should be bound to for comunication. By default, this is "", meaning gandi-dyndns will bind to all addresses on the local machine.
  • apikey- Gandi apikey
  • log_enable- Enable or Disable logging to file
  • log_level - Log level to enable, possible values are: INFO, and DEBUG
  • log_file - Log file relative or absolute path

In this example, we suppose you want to manage

  • You must have a zone file on you gandi account named as your domain. e.g. needs a zone file called, if you don't have it, create it and link it to your domain here

  • Now edit the zone just created and add a new A record for the router subdomain:

Field Value
Type A
TTL 5 minutes
Name router
  • Once done, click on the button use this version to make the new zone file active.



Simply run the script

./ -c configfile

This app accepts one optional parameter -c, --config that defines the location of the config file, by default this config file has to be in the same directory where is.


Now your router, firewall or network appliance (for info about how to configure a cisco ASA firewall check the config section) can send updates to gandi-dyndns using GET or POST methods and the app will do the rest.


To test the app manually (be aware that this may update your DNS name) issue this from your terminal:

curl -i "http:localhost:8080/nic_update?ip=

Or if you want to simulate a POST request:

curl -i -X POST "http:localhost:8080/nic_update?ip=
  • fqdn This parameter is required and has to be the full FQDN of the device you want to update. e.g.
  • ip This parameter is optional and accepts only pubblic IP's. If none is supplied, the source address that generated the request is considered. This helps clients behind NAT or not able to send their IP to be used as well.

HTTP status codes

  • 200 => All good, 200 is given after updating the IP on Gandi and when there is no need to do so.
  • 400 => Bad request, some parameters are missing, not formatted correctly or the provided IP is not a pubblic one.
  • 404 => Not found, No domain found associated with the Gandi API, zone file missing or A record not found into the zone file.


You can monitor if the app is up and running by simply send GET or POST requests to '/ping'

curl -i "http://localhost:8080/ping"

HTTP/1.0 200 OK
Date: Mon, 10 Apr 2017 22:05:08 GMT
Content-Length: 12
Server: gandi-dyndns
Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8

I'am alive!

Cisco ASA configuration

Cisco ASA firewalls currently do not natively support DDNS Updates for HTTP-Based Protocols like routers do. This simple hack is the only way I found to overcome this:

On your ASA firewall, under config terminal mode, issue these two commands:

auto-update poll-period 30 5 1
auto-update server http://server:8080/nic_update? source outside

Note: Before entering the question mark (?) character, press the control (Ctrl) key and the v key together on your keyboard. This will allow you to enter the ? without the software interpreting the ? as a help query.

What your firewall will basically do is sending a POST request to your server that is running gandi-ddns every 30 minutes using the outside interface, if the request fails, it will try to send it again every minute for 5 times. Ip value is missing from the URL, so gandi will be updated with the source address of the request.

Details about the above commands can be found here

Dependencies & Limitations

  • bottlepy
  • Gandi API. If you don't have it yet, enable the API from Gandi
  • You must have a zone file on you gandi account named as your domain. e.g. needs a zone file called
  • You can manage as many domains and subdomain as you want, but they all have to be owned by the same apikey.
  • You will notice that gandi-dyndns sometimes needs quite a lot of time to respond with a 200 (~2s.), this is due to the slow nature of the Gandi API's.
  • HTTPS is not available yet
  • Tested under Unix & Mac OS X using python 2.7.x
You can’t perform that action at this time.