- Install cloudflared
- Create
/etc/systemd.system/cloudflared-proxy-dns.service with contents:
[Unit]
Description=DNS over HTTPS (DoH) proxy client
Wants=network-online.target nss-lookup.target
Before=nss-lookup.target
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
DynamicUser=yes
ExecStart=/usr/bin/cloudflared proxy-dns
[Install]
WantedBy=multi-user.target
- Modify
/etc/systemd/resolved.conf and set DNS=127.0.0.1
- Start the proxy:
sudo systemctl start cloudflared-proxy-dns.service
- Restart resolved:
sudo systemctl restart systemd-resolved.service
- Validate resolved is using 127.0.0.1:
systemd-resolve --status
- Test:
dig cloudflare.com AAAA
