diff --git a/flake.lock b/flake.lock
index 9741ac0..c59935d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739841949,
-        "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=",
+        "lastModified": 1753140376,
+        "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0",
+        "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c",
         "type": "github"
       },
       "original": {
@@ -27,11 +27,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738453229,
-        "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
+        "lastModified": 1753121425,
+        "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
+        "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
         "type": "github"
       },
       "original": {
@@ -42,11 +42,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1739866667,
-        "narHash": "sha256-EO1ygNKZlsAC9avfcwHkKGMsmipUk1Uc0TbrEZpkn64=",
+        "lastModified": 1752950548,
+        "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "73cf49b8ad837ade2de76f87eb53fc85ed5d4680",
+        "rev": "c87b95e25065c028d31a94f06a62927d18763fdf",
         "type": "github"
       },
       "original": {
@@ -72,11 +72,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739262228,
-        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
+        "lastModified": 1752544651,
+        "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
+        "rev": "2c8def626f54708a9c38a5861866660395bb3461",
         "type": "github"
       },
       "original": {
@@ -92,11 +92,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1740012831,
-        "narHash": "sha256-u6Y5ttXBuQ+tyyCei07QnbNL6Gydv55OpoGh4fXzTqg=",
+        "lastModified": 1753061983,
+        "narHash": "sha256-D6+1c1L1fFJBk7ngRrPC0gHgI2DXgw2y7wNHlKvGXvk=",
         "owner": "numtide",
         "repo": "srvos",
-        "rev": "f6ddf92bc61e021ea05c971a055624509ffac429",
+        "rev": "8290c5a78a4a73baf17acdc4da7aa8e92f85b249",
         "type": "github"
       },
       "original": {
diff --git a/targets/.terraform.lock.hcl b/targets/.terraform.lock.hcl
index 28e5f0f..432ec7c 100644
--- a/targets/.terraform.lock.hcl
+++ b/targets/.terraform.lock.hcl
@@ -2,36 +2,36 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version = "4.51.0"
+  version = "5.6.0"
   hashes = [
-    "h1:lRBARGOEAeuBm5aC1P0bAAvs+F8+kSxV/UWiOWOIm44=",
+    "h1:o/lATFmVTaRMrjDxO72fQCrT+5pRaJZm5sOxfEIDqe0=",
   ]
 }
 
 provider "registry.opentofu.org/hashicorp/external" {
-  version = "2.3.4"
+  version = "2.3.5"
   hashes = [
-    "h1:i0CiDzSau8J/NcGlv6A3luRuYkqbnuO2c+XVrJ6YOoA=",
+    "h1:hYUVesfC2jghRIukmRfyrnrDmVSD9mFz5NHRvIGe/9c=",
   ]
 }
 
 provider "registry.opentofu.org/hashicorp/local" {
-  version = "2.5.2"
+  version = "2.5.3"
   hashes = [
-    "h1:eWrRygqR0Pmcg61LyF+vADOO3oewcqeHasTJ6niHGNk=",
+    "h1:xsAD0YnL2zyb3SXYWfSlUS7t56twQWi00UgfLBdB8Hg=",
   ]
 }
 
 provider "registry.opentofu.org/hashicorp/null" {
-  version = "3.2.3"
+  version = "3.2.4"
   hashes = [
-    "h1:tIPswUCP63F9jN+FulrFOJfVriHAMtLUPEkalbwa+Ys=",
+    "h1:1GVMEc1OgjqOyVOha/g+QCMTjWdvor5jTtW8+lRhWEo=",
   ]
 }
 
 provider "registry.opentofu.org/hetznercloud/hcloud" {
-  version = "1.49.1"
+  version = "1.51.0"
   hashes = [
-    "h1:dyK3/rOb8IJOM0trh328NovbYb+Rz33qui2/fg85hU8=",
+    "h1:6XyxR7UEIl1AbWKFWI/Rx3AXW0ccJ83sRL3/M7P6+Rw=",
   ]
 }
diff --git a/targets/dns/terraform.tf b/targets/dns/terraform.tf
index 7ce65b4..2f2f2ce 100644
--- a/targets/dns/terraform.tf
+++ b/targets/dns/terraform.tf
@@ -25,7 +25,7 @@ variable "vpn_hostname" {
   description = "Hostname for VPN"
 }
 
-resource "cloudflare_record" "realname_ipv4" {
+resource "cloudflare_dns_record" "realname_ipv4" {
   zone_id = module.dns.zone_id_realname
   name    = module.dns.domain_realname
   content   = var.vpn_ipv4
@@ -34,7 +34,7 @@ resource "cloudflare_record" "realname_ipv4" {
   proxied = false
 }
 
-resource "cloudflare_record" "netname_ipv4" {
+resource "cloudflare_dns_record" "netname_ipv4" {
   zone_id = module.dns.zone_id_netname
   name    = module.dns.domain_netname
   content   = var.vpn_ipv4
@@ -43,7 +43,7 @@ resource "cloudflare_record" "netname_ipv4" {
   proxied = false
 }
 
-resource "cloudflare_record" "realname_ipv6" {
+resource "cloudflare_dns_record" "realname_ipv6" {
   zone_id = module.dns.zone_id_realname
   name    = module.dns.domain_realname
   content   = var.vpn_ipv6
@@ -52,7 +52,7 @@ resource "cloudflare_record" "realname_ipv6" {
   proxied = false
 }
 
-resource "cloudflare_record" "netname_ipv6" {
+resource "cloudflare_dns_record" "netname_ipv6" {
   zone_id = module.dns.zone_id_netname
   name    = module.dns.domain_netname
   content   = var.vpn_ipv6
@@ -61,7 +61,7 @@ resource "cloudflare_record" "netname_ipv6" {
   proxied = false
 }
 
-resource "cloudflare_record" "realname_wildcard" {
+resource "cloudflare_dns_record" "realname_wildcard" {
   zone_id = module.dns.zone_id_realname
   name    = "*"
   content   = module.dns.domain_realname
@@ -70,7 +70,7 @@ resource "cloudflare_record" "realname_wildcard" {
   proxied = false
 }
 
-resource "cloudflare_record" "netname_wildcard" {
+resource "cloudflare_dns_record" "netname_wildcard" {
   zone_id = module.dns.zone_id_netname
   name    = "*"
   content   = module.dns.domain_netname
diff --git a/targets/vpn/configuration.nix b/targets/vpn/configuration.nix
index 7521178..19348f5 100644
--- a/targets/vpn/configuration.nix
+++ b/targets/vpn/configuration.nix
@@ -89,11 +89,11 @@ in
     caddy = {
       enable = true;
       package = pkgs.caddy.withPlugins {
-        plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20250214163716-188b4850c0f2" ];
-        hash = "sha256-izuQXvxIq3ycxcUuMErz7MbP9RwLkj+bhliK9H6Heqc=";
+        plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
+        hash = "sha256-2D7dnG50CwtCho+U+iHmSj2w14zllQXPjmTHr6lJZ/A=";
       };
       globalConfig = ''    
-        acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
         cert_issuer acme {
           resolvers 1.1.1.1
         }
diff --git a/terraform/dns/main.tf b/terraform/dns/main.tf
index 4ec6cf8..1f0ed60 100644
--- a/terraform/dns/main.tf
+++ b/terraform/dns/main.tf
@@ -1,9 +1,15 @@
 data "cloudflare_zone" "realname" {
-  name = var.domain_realname
+  filter = {
+    name = var.domain_realname
+  }
+  # zone_id = "67bae557dc3c393a791380b3e9bae695"
 }
 
 data "cloudflare_zone" "netname" {
-  name = var.domain_netname
+  filter = {
+    name = var.domain_netname
+  }
+  # zone_id = "78566d48591f6b27665dd17dee31ed87"
 }
 
 output "domain_realname" {
@@ -15,9 +21,9 @@ output "domain_netname" {
 }
 
 output "zone_id_realname" {
-  value = data.cloudflare_zone.realname.id
+  value = data.cloudflare_zone.realname.zone_id
 }
 
 output "zone_id_netname" {
-  value = data.cloudflare_zone.netname.id
+  value = data.cloudflare_zone.netname.zone_id
 }