Cloudflared DoH proxy
This is a short tutorial on setting up cloudflared to proxy DNS over HTTPS (DoH) for use with a service like Pi-hole. Older guides run `sudo cloudflared service install --legacy`, but the `--legacy` flag has been removed, so the service file is written by hand below.
The first thing needed is to install cloudflared (see the install instructions). On Linux I use the cloudflared package repository, as it makes updating easier.

If you would rather install it manually, use the following commands. Note the architecture of the machine you are installing on and adjust the package name as needed; see the releases page for the full list of supported architectures.

```bash
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo apt-get install ./cloudflared-linux-amd64.deb
cloudflared -v
```
Copy the text below and save it as a systemd unit at `/etc/systemd/system/cloudflared-doh.service` (the unit name the enable command later in this post uses). The `.deb` installs the binary at `/usr/bin/cloudflared`; if you copied the binary to `/usr/local/bin` yourself, change `ExecStart=` to match what `command -v cloudflared` prints. The proxy listens on 127.0.0.1 only, which is what you want: Pi-hole on the same host forwards to it, and nothing on the LAN can use it as an open resolver.

```ini
[Unit]
Description=cloudflared DNS over HTTPS proxy
After=network-online.target

[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate proxy-dns --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target
```
You can change the upstream servers to others, such as Google's `https://8.8.8.8/dns-query`, or to Cloudflare's Zero Trust Gateway DNS endpoints. Whatever you pick, keep every upstream an `https://` URL: that is the whole point of the proxy.
If you would rather keep the cloudflared options in a config file, create it with:

```bash
sudo mkdir /etc/cloudflared/
sudo nano /etc/cloudflared/config.yml
```

```yaml
proxy-dns: true
proxy-dns-port: 5053
proxy-dns-upstream:
  - https://1.1.1.1/dns-query
  - https://1.0.0.1/dns-query
```

You then need to change the `ExecStart=` line in the unit so it loads the config instead of passing the flags inline (use the same binary path as in your unit):

`ExecStart=/usr/bin/cloudflared --no-autoupdate --config /etc/cloudflared/config.yml`
After the service file has been added, run the following to reload systemd, start the service now and enable it at boot:

```bash
sudo systemctl daemon-reload
sudo systemctl enable --now cloudflared-doh.service
```

Make sure that the service is healthy (the unit is `cloudflared-doh`, not `cloudflared`):

`sudo systemctl status cloudflared-doh.service`

Test that DNS is resolving through the proxy on port 5053:

`dig @127.0.0.1 -p 5053 google.com`
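The following script is an added example, not part of the original post and not cloudflared's own tooling. It checks the things that most often go wrong with the setup above: the `ExecStart=` binary path does not exist, an upstream is not `https://`, the proxy is bound to something other than loopback (an open resolver), or queries simply get no answer. It assumes the unit lives at `/etc/systemd/system/cloudflared-doh.service`, the optional config at `/etc/cloudflared/config.yml`, and port 5053; override those with the `UNIT_FILE`, `CONFIG_FILE` and `PORT` environment variables if yours differ. The check functions take their input as text, so they can be run against captured `ss` output or a draft unit before anything is installed.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post or of cloudflared itself:
# post-install checks for the cloudflared-doh service described above.
# Assumed: the unit is /etc/systemd/system/cloudflared-doh.service, the
# config (if any) is /etc/cloudflared/config.yml and the proxy port is 5053.
# Usage:  bash check-cloudflared-doh.sh --live

UNIT_FILE="${UNIT_FILE:-/etc/systemd/system/cloudflared-doh.service}"
CONFIG_FILE="${CONFIG_FILE:-/etc/cloudflared/config.yml}"
PORT="${PORT:-5053}"

# 1. The binary named in ExecStart= must exist. The .deb puts cloudflared in
#    /usr/bin, so a unit copied from an older guide with /usr/local/bin fails.
check_exec_path() {                # $1: unit file text
  local bin
  bin=$(printf '%s\n' "$1" | sed -n 's/^ExecStart=\([^[:space:]]*\).*/\1/p' | head -n 1)
  [ -n "$bin" ] || { echo "FAIL no ExecStart= line found"; return 1; }
  [ -x "$bin" ] || { echo "FAIL $bin missing; try: command -v cloudflared"; return 1; }
  echo "ok   ExecStart binary $bin"
}

# 2. DoH upstreams are https:// URLs; flag anything else (a plain http://
#    URL, a typo) before it reaches the unit or config.yml.
check_upstreams() {                # $1: unit and/or config.yml text
  local bad=0 u urls
  urls=$(printf '%s\n' "$1" | grep -oE 'https?://[^[:space:]]+' || true)
  [ -n "$urls" ] || { echo "FAIL no upstream URLs found"; return 1; }
  while IFS= read -r u; do
    case "$u" in
      https://*) echo "ok   upstream $u" ;;
      *)         echo "FAIL upstream $u is not https://"; bad=1 ;;
    esac
  done <<EOF
$urls
EOF
  return "$bad"
}

# 3. The proxy should answer on loopback only. Pi-hole forwards to
#    127.0.0.1#5053; a socket bound to 0.0.0.0 or [::] is an open resolver
#    for anyone who can reach the host.
check_listener() {                 # $1: output of `ss -Hln`, $2: port
  local bad=0 addr addrs
  addrs=$(printf '%s\n' "$1" | awk -v p=":$2" \
    '{ for (i = 1; i <= NF; i++) if (substr($i, length($i) - length(p) + 1) == p) print $i }')
  [ -n "$addrs" ] || { echo "FAIL nothing listening on port $2"; return 1; }
  while IFS= read -r addr; do
    case "$addr" in
      127.0.0.1:*|"[::1]:"*) echo "ok   listener $addr is loopback only" ;;
      *)                     echo "FAIL listener $addr is reachable from the network"; bad=1 ;;
    esac
  done <<EOF
$addrs
EOF
  return "$bad"
}

# 4. End to end: a query through the proxy must come back with an answer.
check_resolution() {               # $1: port (needs dig from dnsutils)
  local ans
  ans=$(dig +short +time=3 +tries=1 @127.0.0.1 -p "$1" cloudflare.com A 2>/dev/null || true)
  [ -n "$ans" ] || { echo "FAIL no answer from 127.0.0.1:$1"; return 1; }
  echo "ok   cloudflare.com resolved via 127.0.0.1:$1"
}

run_live_checks() {
  local rc=0 unit="" conf=""
  [ -r "$UNIT_FILE" ]   && unit=$(cat "$UNIT_FILE")
  [ -r "$CONFIG_FILE" ] && conf=$(cat "$CONFIG_FILE")
  check_exec_path "$unit"                                   || rc=1
  check_upstreams "$(printf '%s\n%s\n' "$unit" "$conf")"   || rc=1
  check_listener "$(ss -Hln)" "$PORT"                       || rc=1
  check_resolution "$PORT"                                  || rc=1
  return "$rc"
}

case "${1:-}" in
  --live) run_live_checks ;;
esac
```

Run it with `--live` after `systemctl enable --now`; a non-zero exit means at least one `FAIL` line was printed. The listener check is the one worth keeping around: if you later change `--address` or put the proxy in a container, rerun it to confirm port 5053 is still not reachable from the network.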
Running with Docker
If you want to use Docker to run the proxy, you can use Cloudflare's image (`cloudflare/cloudflared`) or a community-maintained one. Two things differ from the systemd setup: `proxy-dns` listens on localhost by default, which inside a container is unreachable from the host, so pass `--address 0.0.0.0`; and publish TCP as well as UDP, since resolvers fall back to TCP for truncated answers.

```bash
docker run -d --name cloudflared-doh -p 53:53/udp -p 53:53/tcp <cloudflared/image> proxy-dns --address 0.0.0.0 --port 53
```

If Pi-hole already owns port 53 on the host, map a different host port and bind it to loopback, for example `-p 127.0.0.1:5053:53/udp -p 127.0.0.1:5053:53/tcp`, and point Pi-hole at `127.0.0.1#5053`; a `-p 53:53` mapping without the `127.0.0.1:` prefix exposes the proxy on every host interface.

The upstreams default to Cloudflare's resolvers; to use others, append `--upstream <url>` (once per upstream) to the end of the command.