Cloudflared

Cloudflared may be used to run a local DNS over HTTPS (DoH) server, i.e., a stub resolver.

Installation

Install the cloudflared package.

Usage

Run cloudflared proxy-dns to run a DNS over HTTPS proxy server.

Use the --address and --port options to specify the address and port cloudflared listens on. They default to localhost and 53 respectively. For a list of available command line options, see here.

You can create a systemd service file, for example:

/etc/systemd/system/cloudflared.service
[Unit]
Description=DNS over HTTPS proxy client
Wants=network-online.target nss-lookup.target
Before=nss-lookup.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
DynamicUser=yes
ExecStart=/usr/bin/cloudflared proxy-dns --port 54

[Install]
WantedBy=multi-user.target

Note: The extra package does not provide a service file. See archlinux/packaging/packages/cloudflared#1.

After starting the service, you can test that it works by using drill(1) (provided by the ldns package):

$ drill archlinux.org @127.0.0.1 -p 54

Checking

Use 1.1.1.1/help to check whether your browser is using Cloudflare DoH.

Endpoints

By default cloudflared uses https://1.1.1.1/dns-query and https://1.0.0.1/dns-query, i.e. Cloudflare's DNS over HTTPS servers, as upstream endpoint URLs.

You can specify different upstream endpoint URLs with the --upstream option.

Note: Choose a DNS resolver you trust. See Domain name resolution#Third-party DNS services.
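
The following script is an added example, not part of the original article or of cloudflared: it audits the --address, --port and --upstream options in a unit file such as the one above, checking for a non-loopback listener, a non-HTTPS upstream, and a low port without CAP_NET_BIND_SERVICE. The function names, the sample unit and the dns.example hostname are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the wiki page): audit a cloudflared proxy-dns unit file.

# Print each value given for option $1 on the ExecStart line of unit file $2.
opt_values() {
    grep '^ExecStart=' "$2" | tr -s ' \t' '\n\n' | awk -v o="$1" '
        want                  { print; want = 0; next }
        $0 == o               { want = 1; next }
        index($0, o "=") == 1 { print substr($0, length(o) + 2) }'
}

# Return 0 if the unit passes all checks, 1 otherwise; findings go to stdout.
audit_unit() {
    unit=$1; rc=0
    addr=$(opt_values --address "$unit"); addr=${addr:-localhost}  # default per the page
    port=$(opt_values --port "$unit");    port=${port:-53}         # default per the page

    # A listener beyond loopback answers every host that can reach it.
    case $addr in
        localhost|127.*|::1) ;;
        *) echo "WARN: listens on non-loopback address $addr"; rc=1 ;;
    esac

    # Anything other than an https:// URL is not a DNS over HTTPS endpoint.
    for url in $(opt_values --upstream "$unit"); do
        case $url in
            https://*) ;;
            *) echo "WARN: upstream is not HTTPS: $url"; rc=1 ;;
        esac
    done

    # An unprivileged service needs CAP_NET_BIND_SERVICE to bind ports below 1024.
    if [ "$port" -lt 1024 ] && grep -Eq '^(DynamicUser=yes|User=)' "$unit" &&
       ! grep -q '^AmbientCapabilities=.*CAP_NET_BIND_SERVICE' "$unit"; then
        echo "WARN: port $port needs AmbientCapabilities=CAP_NET_BIND_SERVICE"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the page's [Service] section with a weak ExecStart swapped in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
DynamicUser=yes
ExecStart=/usr/bin/cloudflared proxy-dns --address 0.0.0.0 --port 54 --upstream http://dns.example/dns-query
EOF
audit_unit "$sample" || echo "sample unit failed the audit"
rm -f "$sample"
```

To audit a real unit, source the functions and call audit_unit with the path, for example /etc/systemd/system/cloudflared.service.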

This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.