Alexander / Aebian

Alexander / Aebian

Who am I?

Musician, Programmer, Linux Geek and what not.  more...


The Categories



Stuff

Arma CodeList
Legal Things
Media Creations
My Projects
My Hardware
My Wishlist
Some Spotify


October 13th at 4:37pm
Report a website issue
Sidebar ➠

❬ Back to Blog


DNS over TLS


This Post will cover how you can encrypt your DNS over TLS

by

Greetings,

In modern days security is a mandatory point on every agenda. This post will cover how you can secure your DNS requests with TLS.


What do you need:

  • Cloudflared (The ARGO tunnel application by Cloudflare Inc.)
  • a Linux host is recommended, but MacOS or Windows should work too

Download cloudflared via https://developers.cloudflare.com/argo-tunnel/downloads/
If you use Linux you then can install it via sudo dpkg -i cloudflared-stable-linux-amd64.deb

Then create a user to run the service later on:
sudo useradd -s /usr/sbin/nologin -r -m cloudflared

Next step to do is to create a config file for the service:
sudo mkdir /home/cloudflared/.cloudflared

sudoedit /home/cloudflared/.cloudflared/cf

Next step add a service script:

sudoedit /lib/systemd/system/cloudflared.service

Once that is done you can enable the service:

sudo systemctl enable cloudflared
sudo systemctl start cloudflared
And check the status:
sudo systemctl status cloudflared


You can check that the DNS server works via dig:

dig @127.0.0.1 -p 7359 google.ca

Next thing you might wanna do is to create a autostart script for the new service.
Create a file called cloudflared at /etc/init.d/ Inside the file you write: systemctl start cloudflared

Last thing you need to do is:

  • either point your devices to the new DNS port
  • or set your existing dns-upstream in e.g. pi-hole to the new port.

piholedns.png