[re-thc]

Cloudflare is the safest in that you can use Cloudflare tunnels to somewhat hide your origin.

Otherwise your origin is still public and there are ways to find out and attack it (bypassing Bunny) easily.

Cloudflare also has a WAF that Bunny says is coming soon (doesn’t apply to DNS only).

Bunny DNS is a relatively new product so it’s not as well tested.

[HappyCathode]

I'm planning on dropping anything that doesn't come from https://www.cloudflare.com/en-ca/ips/, but the tunnels in indeed even better... don't have to stay up-to-date with IP list, and don't have to waste CPU dropping bad traffic. Cloudflare is indeed the safest known solution.

And yeah Bunny.net are getting annoying with their "Coming Soon" stuff. S3 API has been "almost ready" since at least 2020, according to one of their Twitter post. It looks like they are way too small to deliver, but I really like them and I hope they will.

[decide1000]

How would you find the origin ip with Bunny? They proxy it as well right?

[HappyCathode]

I think they meant that your public IPs are responding to requests on :80 and :443. Port scanners are going to find it pretty fast and have fun.

[re-thc]

The OP only asks about using Bunny DNS (not the CDN) so the user can resolve your real IP behind it.