Could not lookup srv records on _v2-origintunneld._tcp.argotunnel.com: lookup argotunnel.com on xxx.xxx.xx.x:xx: cannot unmarshal DNS message
What is the issue you’re encountering
I can’t create cloudflare tunnel from synology NAS docker container.
What steps have you taken to resolve the issue?
Hi community,
I run into issue setting up cloudflare tunnel on Synology NAS docker container - container manager.
I would like to test simple wordpress webpage hosted on my synology NAS.
I successfully registered my domain on cloudflare, and followed up guideless to run the latest cloudflare image. When I run with command “tunnel run --token eyJhIjoiMTk2ZjN…” container will keep restarting with error “..cannot unmarshal DNS message..”, full log in attachment.
I’m new to this. Could you please help with any ideas how can I create the tunnel?
Hi There,
Sorry to hear your issue.
this error typically happens when:
-Your synology DNS resolver can’t properly handle SRV record lookups
-There’s a network configuration issue in your docker container
-The Cloudflare tunnel token might need regeneration.
First
check your dns settings, change your Dns server from 198.168.88.1 to Cloudflare’s dns, preferred 1.1.1.1 , Alernate 1.0.0.1
apply and restart your NAS network services
update your docker command
docker run --=host
–dns 1.1.1.1
–dns 8.8.8.8
Cloudflare/cloudflared:latest \tunnel --no-autoupdate run --token
–network-host :gives you better network access
–dns flags force Cloudflare/Google DNS
–no-autoupdate prevents restart loops
Verify Your Token
In Cloudflare Dashboard, go to Zero Trust > Tunnels
Create a new token if the current one is >24 hours old
Make sure you’re copying the entire token without truncation
Check Docker Logs Thoroughly After running the new command, check full logs with:
bash
docker logs -f YOUR_CONTAINER_ID
Look for any new clues after “Tunnel started”
Alternative Approach
If you’re still stuck, you might want to try:
Installing cloudflared directly on Synology (not in Docker)
Using the GUI method via Cloudflare’s Zero Trust dashboard
Tip: I’ve seen this exact error when local firewalls block DNS queries - you might want to temporarily disable Synology’s firewall to test.
Would you be able to share:
-Your Synology DSM version
-Whether you’re using bridge/host network mode
-The full (redacted) error log after trying these steps?
P.S. For other readers finding this: The “cannot unmarshal DNS message” often relates to DNS configuration rather than the tunnel itself.
