Alexander / Aebian

Who am I?

Musician, Programmer, Linux Geek and what not.  more...


The Categories



Stuff

Arma CodeList
GitHub Projects
Media (Gallery)
Privacy Policy
My Hardware
My Wishlist


October 7th at 9:47pm
Report a website issue
For best viewing experience use a 4k screen.

nethavn Logo

❬ Back to Blog


DNS over TLS


This Post will cover how you can encrypt your DNS over TLS

Greetings,

In modern days security is a mandatory point on every agenda. This post will cover how you can secure your DNS requests with TLS.


What do you need:

  • Cloudflared (The ARGO tunnel application by Cloudflare Inc.)
  • a Linux host is recommended, but MacOS or Windows should work too

Download cloudflared via https://developers.cloudflare.com/argo-tunnel/downloads/
If you use Linux you then can install it via sudo dpkg -i cloudflared-stable-linux-amd64.deb

Then create a user to run the service later on:
sudo useradd -s /usr/sbin/nologin -r -m cloudflared

Next step to do is to create a config file for the service:
sudo mkdir /home/cloudflared/.cloudflared

sudoedit /home/cloudflared/.cloudflared/cf

Next step add a service script:

sudoedit /lib/systemd/system/cloudflared.service

Once that is done you can enable the service:

sudo systemctl enable cloudflared
sudo systemctl start cloudflared
And check the status:
sudo systemctl status cloudflared


You can check that the DNS server works via dig:

dig @127.0.0.1 -p 7359 google.ca

Next thing you might wanna do is to create a autostart script for the new service.
Create a file called cloudflared at /etc/init.d/ Inside the file you write: systemctl start cloudflared

Last thing you need to do is:

  • either point your devices to the new DNS port
  • or set your existing dns-upstream in e.g. pi-hole to the new port.

piholedns.png