DNS over TLS
This post covers how you can encrypt your DNS over TLS.
Greetings,
These days, security is a mandatory item on every agenda. This post covers how you can secure your DNS requests with TLS.
What you need:
- Cloudflared (the Argo Tunnel application by Cloudflare Inc.)
- A Linux host is recommended, but macOS or Windows should work too
Download cloudflared from https://developers.cloudflare.com/argo-tunnel/downloads/
On Linux, you can then install it via:
sudo dpkg -i cloudflared-stable-linux-amd64.deb
Then create a user to run the service later on:
sudo useradd -s /usr/sbin/nologin -r -m cloudflared
The next step is to create a config file for the service:
sudo mkdir /home/cloudflared/.cloudflared
sudoedit /home/cloudflared/.cloudflared/cf
Next, add a service script:
sudoedit /lib/systemd/system/cloudflared.service
Once that is done you can enable the service:
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
And check the status:
sudo systemctl status cloudflared
You can check that the DNS server works via dig:
dig @127.0.0.1 -p 7359 google.ca
Next, you might want to create an autostart script for the new service.
Create a file called cloudflared at /etc/init.d/. Inside the file, write:
systemctl start cloudflared
The last thing you need to do is:
- either point your devices to the new DNS port
- or set your existing DNS upstream in e.g. Pi-hole to the new port.
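
One way to confirm where the new listener is reachable from before pointing anything at it, as an added example that is not part of the original post: the script parses `ss -H -lntu` output and reports whether port 7359 (the port from the dig command above) is bound only to loopback. The sample socket lines are constructed; run it with `--live` to read the real socket table.

```shell
#!/bin/sh
# Added example (not from the original post): report which local addresses
# the DNS proxy port is bound to, based on `ss -H -lntu` output.
PORT=7359   # port used in the dig command above

# Constructed sample of `ss -H -lntu` output, used when not run with --live.
SAMPLE='udp UNCONN 0 0 127.0.0.1:7359 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.1:7359 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# listen_addrs PORT: read ss output on stdin and print the unique local
# addresses bound to PORT. The local address is the first field ending in
# ":PORT"; the peer column of a listening socket ends in ":*" and never matches.
listen_addrs() {
  awk -v p="$1" '{
    for (i = 1; i <= NF; i++)
      if ($i ~ (":" p "$")) {
        sub(":" p "$", "", $i)   # drop the port
        sub(/%.*/, "", $i)       # drop an interface scope such as %lo
        print $i
        break
      }
  }' | sort -u
}

# classify_exposure PORT: read ss output on stdin and print one of
#   not-listening | loopback-only | exposed
classify_exposure() {
  addrs=$(listen_addrs "$1")
  if [ -z "$addrs" ]; then
    echo not-listening
  elif printf '%s\n' "$addrs" | grep -Evq '^(127\.|\[::1\]$)'; then
    echo exposed          # 0.0.0.0, [::], * or a LAN address
  else
    echo loopback-only    # reachable from this host only
  fi
}

if [ "${1:-}" = "--live" ]; then
  ss -H -lntu | classify_exposure "$PORT"
else
  printf '%s\n' "$SAMPLE" | classify_exposure "$PORT"
fi
```

A result of `exposed` is expected when other devices are pointed at this host directly; in that case the port should be reachable from your own network only.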