Cloudflared DNS server requests times out

Hi CF,

I have a strange issue where I can’t get a DNS resolve via the dns-proxy:

My /etc/default/cloudflared:
CLOUDFLARED_OPTS=--port 7359 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

Do you have any idea what could be the reason for it?
Firewall on my EdgeRouter is open for outbound, so there shouldn’t be an issue.

Regards,

Alex

You need to start dns proxy:

$ sudo cloudflared proxy-dns

Hi, it is already started see the screenshot above.
Even if I do it again using your commandlet (aka sudo cloudflared proxy-dns --port 7539) it still generates the same error:

→ dig @127.0.0.1 -p 7359 google.ca

; <<>> DiG 9.10.3-P4-Debian <<>> @127.0.0.1 -p 7359 google.ca
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

What is the output of following command?

$ netstat -n --udp --listen

What if you disable firewall?

$ sudo ufw disable

Even with disabled firewall no difference.

Port 7359 is bound to IPv6. Try this:

dig @::1 -p 7359 google.ca
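
As an added example (not posted in the thread), a small shell helper that automates the check the two replies above describe: it parses the output of netstat -n --udp --listen, reports which address family and interface a given UDP port is bound to, and picks the loopback address dig should be pointed at. The netstat sample is constructed to mirror the situation in this thread.

```shell
#!/bin/sh
# Constructed sample of `netstat -n --udp --listen` output (not real output from the thread):
# port 68 is bound on all IPv4 interfaces, port 7359 only on the IPv6 loopback.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp6       0      0 ::1:7359                :::*'

# Usage: bind_family PORT  (netstat output on stdin)
# Prints one of: ipv4-all, ipv4-loopback, ipv4-other, ipv6-loopback, ipv6-any, ipv6-other, none
bind_family() {
  port="$1"
  awk -v port="$port" '
    $1 ~ /^udp6?$/ {
      addr = $4
      n = split(addr, parts, ":")
      if (parts[n] != port) next            # not the port we are looking for
      # everything before the last ":" is the bound address (works for "::1:7359" too)
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if ($1 == "udp") {
        if (host == "0.0.0.0") print "ipv4-all"
        else if (host == "127.0.0.1") print "ipv4-loopback"
        else print "ipv4-other"
      } else {
        if (host == "::1") print "ipv6-loopback"
        else if (host == "::") print "ipv6-any"
        else print "ipv6-other"
      }
      found = 1
    }
    END { if (!found) print "none" }'
}

# Map the bind result to the loopback address a local dig test should use.
dig_address() {
  case "$1" in
    ipv4-all|ipv4-loopback) echo 127.0.0.1 ;;
    ipv6-loopback|ipv6-any) echo ::1 ;;
    *) echo "" ;;
  esac
}

# Stand-alone run: report how port 7359 is bound and which dig target to use.
family=$(printf '%s\n' "$SAMPLE_NETSTAT" | bind_family 7359)
echo "port 7359 bound as: $family"
echo "test with: dig @$(dig_address "$family") -p 7359 google.ca"
```

On a live box, replace the sample with the real listing: netstat -n --udp --listen | bind_family 7359. A result of ipv6-loopback is exactly the case in this thread, where dig @127.0.0.1 times out but dig @::1 answers.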

@Xaq:

Interesting, yes that works. Is there any setting I can apply to force the use of ipv4 for the proxy?

Regards,

Alex

There should be a config file (usually at /etc) where you have set the port 7359. Also if you free up port 53 (according to screenshot it is in use) then it may work out of the box. If there is a host section in config, set it to 0.0.0.0 so service will listen on all interfaces.

@Xaq: Yes, in this config file above I have set the port. But I haven’t specified any protocol.

At /etc/cloudflared there is a config.yml. Inside it set this: proxy-dns-address: 0.0.0.0 and restart service.

What is your service configuration please? I don’t have that folder and on my whole system there is no config.yml.

Mine is:

[Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target

[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflared
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target

My cloudflared Environment file is in the initial post.

This is the systemctl config which runs cloudflared as service. You need a config.yml so you don’t need to pass every setting as argument. Create /etc/cloudflared/config.yml with the following content:

proxy-dns: true
proxy-dns-port: 7359
proxy-dns-address: 0.0.0.0
proxy-dns-upstream:
 - https://1.1.1.1/dns-query
 - https://1.0.0.1/dns-query

Remember to restart cloudflared

Hi,

Thanks for your input. Can you also share your /lib/systemd/system/cloudflared.service file?
For some reason the cloudflared service still uses ipv6.

If I disable ipv6 via net.ipv6.conf.all.disable_ipv6 = 1 in the /etc/sysctl.conf
the program won’t even start.

Regards,

Alex

I don’t have it installed. Actually today I did add my first domain to CF. I find this one:

[Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target

[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflared
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target

You just need to disable it on loopback interface:

sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1

Thanks for the reply. My service file looks the same. If I disable IPv6 I get this:

The log tells me this:

May 22 04:25:05 aurora-dns systemd[1]: cloudflared.service: Main process exited, code=exited, status=1/FAILURE
May 22 04:25:05 aurora-dns systemd[1]: cloudflared.service: Unit entered failed state.
May 22 04:25:05 aurora-dns systemd[1]: cloudflared.service: Failed with result 'exit-code'.
May 22 04:25:15 aurora-dns systemd[1]: cloudflared.service: Service hold-off time over, scheduling restart.
May 22 04:25:15 aurora-dns systemd[1]: Stopped cloudflared DNS over HTTPS proxy.
May 22 04:25:15 aurora-dns systemd[1]: Started cloudflared DNS over HTTPS proxy.
May 22 04:25:15 aurora-dns cloudflared[12656]: time="2019-05-22T04:25:15-04:00" level=fatal msg="Failed to open the metrics listener" error="listen tcp [::1]:0: bind: cannot assign requested address"
May 22 04:25:15 aurora-dns systemd[1]: cloudflared.service: Main process exited, code=exited, status=1/FAILURE
May 22 04:25:15 aurora-dns systemd[1]: cloudflared.service: Unit entered failed state.
May 22 04:25:15 aurora-dns systemd[1]: cloudflared.service: Failed with result 'exit-code'.

I wonder why it still try to use IPv6. I have also a config.yml in place at /etc/cloudflared/

Thanks for your help.

Regards,

Alex

Somewhere you are telling cloudflared to listen on ::1.

To find which files are opened by cloudflared, run this command in a separate shell/session:

sudo strace -e open -p $(pidof cloudflared)

Then restart cloudflared and check the previous command output. If it is not a configuration issue, then something is wrong with your server configuration.

I restarted my server twice and still IPv6 gets used.

Everything else works fine on ipv4 so I’m not sure which “server issue” I have.

Did you try watching cloudflared process upon file access? Did you find the actual config file with that trick, or does it just use the file at /etc/cloudflared/config.yml?

Hi,

The issue lies within the ARGO tunnel and not the DNS it seems.
I need to modify the config file then, not sure what to use as this doesn’t seem to work:

proxy-dns: true
proxy-dns-port: 7359
proxy-dns-address: 0.0.0.0
proxy-dns-upstream:

hostname: bla.url.com
url: https://localhost:443
logfile: /home/cloudflared/log/cloudflared.log

The tunnel produces the port error.

Try proxy-dns-address: 127.0.0.1