cloudflared has many functions. When it comes to DNS, it can work as an encrypted DNS proxy. By default it listens for DNS requests and forwards them to Cloudflare DNS server over HTTPS.
But cloudflared can work with any upstream DoH server, including your self-hosted servers.
Let's for example see how to forward DNS queries to Google's encrypted DNS server using cloudflared:
cloudflared proxy-dns --upstream https://dns.google/dns-query --port 53
This command tells cloudflared to listen on local port 53 (127.0.0.1:53) for DNS queries. It then encrypts and forwards DNS requests to https://dns.google/dns-query.
To use this system-wide, you need to either set 127.0.0.1:53 as your default DNS resolver or make your system resolver forward DNS queries to 127.0.0.1:53.
Most modern linux distributions use systemd-resolved as their main resolver. In my other tutorial I have explained how you can make systemd-resolved forward DNS requests to any other resolver.
Top comments (2)
Great post, there is a lot of room for improvement, try to make your post longer.
Thanks for your feedback, Emmy. I’ll try to make it longer and add more detail.