github timothymiller/cloudflare-ddns 2.0.1
v2.0.1 — Rewritten in Rust
on GitHub

7 hours ago

A feature-complete dynamic DNS client for Cloudflare, written in Rust.

Highlights

  • Image size: ~1.9 MB — the smallest open-source Cloudflare DDNS Docker image available
  • Runtime RAM: ~3.5 MB — the most memory-efficient in its class
  • Smaller and leaner than Go-based alternatives
  • Built as a fully static binary from scratch with zero runtime dependencies

🐛 Bug Fix: Incorrect IP Detection via Cloudflare Trace

Users behind certain network configurations could see Cloudflare infrastructure IPs (e.g. 104.18.x.x) set as their DNS record instead of their real public IP.

What Changed

🌐 Trace endpoint URL changed to api.cloudflare.com

Before: Requests went to literal IPs 1.1.1.1 and 1.0.0.1, which some ISPs and network equipment intercept.

After: Primary requests now go to https://api.cloudflare.com/cdn-cgi/trace, which resolves via standard DNS and avoids interception. Literal IP fallbacks are retained for environments where DNS is
unavailable.

🔀 Split dialer for address family isolation

IP detection now uses dedicated HTTP clients per address family — IPv4 detection binds to 0.0.0.0, IPv6 detection binds to ::. This prevents the system from connecting via the wrong protocol (e.g. reaching
Cloudflare over IPv6 when detecting your IPv4 address), which could return the wrong IP.

🛡️ Global unicast validation on all detected IPs

All remote IP detection providers (Cloudflare Trace, Cloudflare DoH, ipify, custom URL) now validate that detected addresses are global unicast before accepting them. Private, loopback, link-local, multicast,
documentation, and CGNAT addresses are rejected with a warning.

☁️ Default IPv4 provider changed to cloudflare.trace

Both IPv4 and IPv6 now default to cloudflare.trace, keeping IP detection within the Cloudflare ecosystem. Users can still override via IP4_PROVIDER and IP6_PROVIDER.

⚙️ Upgrade Notes

  • No configuration changes required — existing setups will automatically benefit from the new trace URL and split dialer.
  • Users who had switched to ipify as a workaround for incorrect IP detection can switch back to cloudflare.trace if desired.
  • The IP4_PROVIDER and IP6_PROVIDER environment variables continue to work as before.
Check out latest releases or
releases around timothymiller/cloudflare-ddns 2.0.1

Don't miss a new cloudflare-ddns release

NewReleases is sending notifications on new releases.

Get notifications