Cloudflared as DoH proxy server (simple)

Hi, I am not getting any replies. Is this the right forum for questions on the cloudflared daemon? Thanks!

When using the cloudflared daemon as a simple proxy server (DoH) and accessing help, then

Connected to 1.1.1.1

is reported as No. Is this to be expected? When looking at journalctl -xe -f

systemd-resolved[354]: Switching to fallback DNS server 1.1.1.1.

is reported. How do I check the installation of cloudflared as a simple proxy server?

Also:

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 386/lighttpd
tcp6 0 0 :::53 :::* LISTEN 382/cloudflared
udp6 0 0 :::53 :::* 382/cloudflared

IPv4 seems not to be trapped by cloudflared.

By that you mean using it as DoH proxy, right?

Did you follow https://developers.cloudflare.com/1.1.1.1/encrypted-dns/dns-over-https/dns-over-https-client?

Though yes, the page saying you are using DoH but are not connected to Cloudflare is a bit surprising.

Have you tried https://developers.cloudflare.com/1.1.1.1/encrypted-dns/dns-over-https/dns-over-https-client#dnscrypt-proxy as well?

Correct.

I am on Arch Linux on a RPi4 and have used this package following these instructions.

Maybe this is not the way. Which download is recommended for Arch Linux / ARM64? I seem to remember a portable Go version which is not listed.

It’s not so much about the package (assuming this is the proper binary) but rather about its configuration.

Did you double check if your system is actually properly configured to use only your local service as resolver? If you turn the service off, DNS resolution should not work any more.

Also, you are not running this locally, right? So the system where you opened the site would need to be configured to use your Raspberry as resolver.

The configuration has not been modified from those instructions. And yes, DNS resolution ceases to work when stopped.

If resolution stops when you stop the service, you can assume all your requests go via cloudflared, which in turn should mean they are properly forwarded via DoH.

Did you also double check whether it’s really Cloudflare’s DoH servers which are configured? Otherwise that might explain why you are using DoH, but not Cloudflare.

Yes, using DHCP with the Raspberry address supplied as DNS4/6 resolver.

In that case the setup should be working and the DoH entry also seems to confirm that.

I’d simply check the aforementioned point now, and if you are sure you configured Cloudflare, I’d file that as a glitch.

Yes, they are. The Fritz router only supports DoT which is off.

This looks a bit suspicious to me, though. Why should cloudflared not be trapping IPv4 then?

The setup suggested in the Arch instructions differs quite a bit from the official documentation. Are they acceptable?

No, I meant whether you could have possibly configured any other DoH service.

Not sure what you mean by that. Do you mean why it doesn’t listen on tcp and udp? Are you able to connect to it via the server’s IPv4 address?

But again, considering you can’t resolve anything when you stop the service, we should be able to assume the local setup is working. The question is now why the page states you are not using Cloudflare.

No, not that I am aware of.

Did you double check?

Right.

Would you mind elaborating on that?

Nope. If you tell me how, I am happy to do that.

As I mentioned, considering the setup itself seems to work, that shouldn’t be the issue.

Whether you can query your DNS service with its IPv4 address.

For starters I’d check the output of the service. It does mention the servers there.

Looks like we are on cloudflared only.

raspi4-arch: ~ $ dig www.cloudflare.com

; <<>> DiG 9.16.21 <<>> www.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55340
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.cloudflare.com. IN A

;; ANSWER SECTION:
www.cloudflare.com. 267 IN A 104.16.123.96
www.cloudflare.com. 267 IN A 104.16.124.96

;; Query time: 19 msec
;; SERVER: 192.168.178.42#53(192.168.178.42)
;; WHEN: Mon Sep 20 19:43:00 UTC 2021
;; MSG SIZE rcvd: 115
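
One way to read off from dig output which resolver answered and whether it was reached at an IPv4 address, the two checks asked for in the thread. This is an added example, not part of the thread; the function names are hypothetical and the sample is constructed from the output posted above.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the dig output posted in the thread.
SAMPLE_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55340
;; ANSWER SECTION:
www.cloudflare.com. 267 IN A 104.16.123.96
;; SERVER: 192.168.178.42#53(192.168.178.42)
"""


def parse_dig(text):
    """Return (status, server_address, port) from dig's default output."""
    status = re.search(r"status: ([A-Z]+)", text)
    server = re.search(r"^;; SERVER: ([^#\s]+)#(\d+)", text, re.MULTILINE)
    if not status or not server:
        raise ValueError("missing status or SERVER line; is this dig output?")
    # Drop an IPv6 zone id such as %eth0 before parsing the address.
    addr = ipaddress.ip_address(server.group(1).split("%")[0])
    return status.group(1), addr, int(server.group(2))


def check_resolver(text, expected):
    """List reasons the answer did not come from the expected local resolver."""
    status, addr, port = parse_dig(text)
    problems = []
    if addr != ipaddress.ip_address(expected):
        problems.append(f"answered by {addr}, expected {expected}")
    if port != 53:
        problems.append(f"answered on port {port}, expected 53")
    if status != "NOERROR":
        problems.append(f"status {status}")
    return problems


def answered_over_ipv4(text):
    """True when the resolver that answered was reached at an IPv4 address."""
    return parse_dig(text)[1].version == 4


if __name__ == "__main__":
    # Expected resolver: the Raspberry Pi address from the SERVER line above.
    print(check_resolver(SAMPLE_DIG, "192.168.178.42") or "OK")
    print("IPv4 reachable:", answered_over_ipv4(SAMPLE_DIG))
```

An empty list from `check_resolver` means the query was answered by the expected local listener on port 53; it does not by itself show which upstream DoH service cloudflared forwarded to.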