Cloudflare Gateway and cloudflared

I have set up cloudflared 2020.3.2 on my Raspberry to use 1.1.1.1 with DoH on my local network.
I tried changing the default config.yml from

proxy-dns-upstream:
 - https://1.1.1.1/dns-query
 - https://1.0.0.1/dns-query

to

proxy-dns-upstream:
 - https://xxxxxx.cloudflare-gateway.com/dns-query

to use Cloudflare Gateway, but DNS queries could not resolve (obviously xxxx is my Gateway location ID).

Any ideas?

I am in exactly the same place, the error is:
“failed to connect to an HTTPS backend”

Do you use a Pi-Hole? I think the issue in my case is that cloudflared cannot look up the hostname since it uses Pi-Hole to resolve, which in turn uses cloudflared to forward the query.

@justinfreid I’ve changed /etc/resolv.conf from 127.0.0.1 to 172.64.36.1 and 172.64.36.2. Now cloudflared can resolve the Gateway hostname and everything seems to be working. I see my network queries in both Pi-Hole and in the Gateway dashboard. Pi-Hole goes first (so domains blocked there don’t reach Gateway). Once domains pass the Pi-Hole they are then allowed/blocked by Gateway.

Thanks, I tried something similar but resolv.conf gets overwritten when certain actions are taken and certainly upon a reboot.
Maybe tweaking it in resolvconf.conf is the better solution.
I think I am using DoH now, though.

Yes, putting them in resolvconf.conf seems to work. Do you know in which format I should put multiple nameservers in that file? I think I should just leave a space after the first DNS but I’m not sure and the man file is not super helpful.

Actually no, resolv.conf was just overwritten and despite the nameserver being in resolvconf.conf, the hostname still couldn’t be resolved. Not sure why putting them in resolvconf.conf is not working.

@justinfreid ok, found the solution. I edited /etc/resolvconf/resolv.conf.d/base and added

nameserver 172.64.36.1
nameserver 172.64.36.2

After running sudo resolvconf -u I was able to navigate fine using Gateway.

Thank you, putting them in /base looks like a good bet.

I don’t know if you’re using DNS filtering on your router, but if you are, turn off filtering for your pi-hole’s MAC address.

I spoke too soon, the same problem cropped up overnight.

Yes I’ve had the same problem… spoke too soon as well. ahah I don’t know what to do at this point.
Don’t think I have DNS filtering in my router with OpenWRT

Hey, take a look at this: - 2020-04-04 ARES-899: Fixes DoH client as system resolver. Fixes #91

I removed all of the changes in resolvconf, updated, and restarted.
No dice.
Maybe Cloudflare should provide an IPv4 address for using Gateway DoH instead of requiring resolution of cloudflare-gateway.com.

Hello @adaptive, could you advise us on what to do?

I removed the Cloudflare Gateway IPv4 addresses from DNS in my dhcpcd.conf, rebooted, then added them back and rebooted again and I think everything is working now.
This is without any changes to resolv.conf.

Mmm but do you still have CF’s name servers here /etc/resolvconf/resolv.conf.d/base ?

I do not, I removed them when I started testing the April 2020 update of Cloudflared.
The only place they are specified is in dhcpcd.conf.
I don’t think the Raspberry Pi itself is using DoH through Cloudflare Gateway via Cloudflared even though 127.0.0.1 is listed first, but everything else on my network is.

Ok I’ve updated cloudflared, added the Gateway name servers to dhcpcd.conf, edited cloudflared config.yml to re-add the Gateway DNS proxy URL, rebooted and it seems to work for now. Let’s see if it still does in a few hours! 🙂

Did you previously have only loopback for DNS server?

Can confirm it is still working now (editing dhcpd.conf).

It worked for a few hours when I had the Gateway DNS in resolv.conf or /etc/resolvconf/resolv.conf.d/base (resolvconf.conf did not work at all). Resolv.conf was being overwritten by dnsmasq. Not sure why I had the same behaviour with resolv.conf.d/base (the file was not overwritten, but DNS stopped resolving anyway).
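
Added example, not part of the thread and not Cloudflare's code: a small check for the circular dependency described above, where cloudflared has a hostname upstream (the Gateway URL) but the host's only resolver is loopback, i.e. Pi-Hole forwarding back to cloudflared. The function names and sample file contents are constructed for illustration, and it assumes cloudflared resolves the upstream hostname through the system resolver, as the posters concluded.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample inputs (not taken from any real host).
RESOLV_LOOPBACK = "# written by resolvconf\nnameserver 127.0.0.1\n"
CONFIG_GATEWAY = """\
proxy-dns-upstream:
  - https://xxxxxx.cloudflare-gateway.com/dns-query
"""
CONFIG_IP_ONLY = """\
proxy-dns-upstream:
  - https://1.1.1.1/dns-query
"""

def nameservers(resolv_text):
    """Addresses on 'nameserver' lines of a resolv.conf."""
    rows = (l.split("#", 1)[0].split() for l in resolv_text.splitlines())
    return [r[1] for r in rows if len(r) >= 2 and r[0] == "nameserver"]

def upstream_urls(config_text):
    """List items under proxy-dns-upstream (minimal parser, no PyYAML)."""
    urls, in_list = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("proxy-dns-upstream:"):
            in_list = True
        elif in_list and line.startswith("- "):
            urls.append(line[2:].strip().strip("'\""))
        else:
            in_list = False  # any other key ends the list
    return urls

def _ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def unresolvable_upstreams(resolv_text, config_text):
    """Upstream hostnames that depend on a loopback-only system resolver."""
    servers = [_ip(s) for s in nameservers(resolv_text)]
    if not servers or not all(s is not None and s.is_loopback for s in servers):
        return []  # at least one non-loopback resolver can bootstrap the lookup
    hosts = (urlsplit(u).hostname for u in upstream_urls(config_text))
    return [h for h in hosts if h and _ip(h) is None]

if __name__ == "__main__":
    print(unresolvable_upstreams(RESOLV_LOOPBACK, CONFIG_GATEWAY))
```

On a real host, pass the contents of /etc/resolv.conf and the cloudflared config.yml; a non-empty result means the listed upstream names have no resolver other than the loop itself.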