Alexander / Aebian

Who am I?

Musician, Programmer, Linux Geek and what not.  more...

The Categories


Arma CodeList
GitHub Projects
Media (Gallery)
Privacy Policy
My Hardware
My Wishlist

May 19th at 6:19am
Report a website issue
For best viewing experience use a 4k screen.

nethavn Logo

❬ Back to Blog

DNS over TLS

This Post will cover how you can encrypt your DNS over TLS


In modern days security is a mandatory point on every agenda. This post will cover how you can secure your DNS requests with TLS.

What do you need:

  • Cloudflared (The ARGO tunnel application by Cloudflare Inc.)
  • a Linux host is recommended, but MacOS or Windows should work too

Download cloudflared via
If you use Linux you then can install it via sudo dpkg -i cloudflared-stable-linux-amd64.deb

Then create a user to run the service later on:
sudo useradd -s /usr/sbin/nologin -r -m cloudflared

Next step to do is to create a config file for the service:
sudo mkdir /home/cloudflared/.cloudflared

sudoedit /home/cloudflared/.cloudflared/cf

Next step add a service script:

sudoedit /lib/systemd/system/cloudflared.service

Once that is done you can enable the service:

sudo systemctl enable cloudflared
sudo systemctl start cloudflared
And check the status:
sudo systemctl status cloudflared

You can check that the DNS server works via dig:

dig @ -p 7359

Next thing you might wanna do is to create a autostart script for the new service.
Create a file called cloudflared at /etc/init.d/ Inside the file you write: systemctl start cloudflared

Last thing you need to do is:

  • either point your devices to the new DNS port
  • or set your existing dns-upstream in e.g. pi-hole to the new port.