Alexander / Aebian


July 5th at 6:14pm

DNS over TLS

This post covers how you can encrypt your DNS over TLS.


Security is now a mandatory item on every agenda. This post covers how you can secure your DNS requests with TLS.

What do you need:

  • Cloudflared (The ARGO tunnel application by Cloudflare Inc.)
  • A Linux host is recommended, but macOS or Windows should work too

Download cloudflared via
If you use Linux, you can then install it via:
sudo dpkg -i cloudflared-stable-linux-amd64.deb

Then create a user to run the service later on:
sudo useradd -s /usr/sbin/nologin -r -m cloudflared

The next step is to create a config file for the service:
sudo mkdir /home/cloudflared/.cloudflared

sudoedit /home/cloudflared/.cloudflared/cf

Next, add a service script:

sudoedit /lib/systemd/system/cloudflared.service

Once that is done you can enable the service:

sudo systemctl enable cloudflared
sudo systemctl start cloudflared
And check the status:
sudo systemctl status cloudflared

You can check that the DNS server works via dig:

dig @ -p 7359
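
The same check as a script, useful for monitoring or a post-install test. This is an added example, not part of the original post: it sends one A query over UDP to the proxy and validates the reply header. The server address 127.0.0.1 and the query name example.com are assumptions; only port 7359 comes from the post.

```python
import secrets
import socket
import struct
import sys

def build_query(name, txid, qtype=1):
    """Encode a standard recursive DNS query (QTYPE 1 = A, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_response(data, txid):
    """Validate a DNS reply header and return (rcode, answer_count)."""
    if len(data) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit not set, not a response")
    return flags & 0x000F, ancount

# Assumed defaults: proxy on loopback, example.com as the test name.
def probe(server="127.0.0.1", port=7359, name="example.com", timeout=3.0):
    """Send one A query to the local proxy and return (rcode, answer_count)."""
    txid = secrets.randbits(16)  # unpredictable ID, checked again on the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, port))  # connected UDP socket ignores other senders
        s.send(build_query(name, txid))
        return parse_response(s.recv(4096), txid)

if __name__ == "__main__":
    try:
        rcode, answers = probe()
    except (OSError, ValueError) as exc:  # timeout, refused port, bad reply
        sys.exit(f"proxy check failed: {exc}")
    print(f"rcode={rcode} answers={answers}")
    sys.exit(0 if rcode == 0 and answers > 0 else 1)
```

An exit status of 0 means the proxy returned NOERROR with at least one answer; a timeout or refused connection means nothing is listening on the port.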

Next, you might want to create an autostart script for the new service.
Create a file called cloudflared in /etc/init.d/. Inside the file, write:
systemctl start cloudflared

The last thing you need to do is:

  • either point your devices to the new DNS port
  • or set your existing dns-upstream in e.g. Pi-hole to the new port.