Connect to Cloudflare 1.1.1.1 using DoH clients on Ubuntu

Last Updated on October 18, 2022 by Pupli

Download and install the cloudflared daemon

cloudflared --version

Run without systemd

cloudflared proxy-dns
#cloudflared proxy-dns --port 5553

Run with systemd

sudo tee /etc/systemd/system/cloudflared-proxy-dns.service >/dev/null <<EOF
[Unit]
Description=DNS over HTTPS (DoH) proxy client
Wants=network-online.target nss-lookup.target
Before=nss-lookup.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
DynamicUser=yes
ExecStart=/usr/local/bin/cloudflared proxy-dns

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable --now cloudflared-proxy-dns
sudo rm -f /etc/resolv.conf
echo nameserver 127.0.0.1 | sudo tee /etc/resolv.conf >/dev/null

Finally, verify it locally with:

dig +short @127.0.0.1 cloudflare.com AAAA

Update cloudflared

cloudflared update

References
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/dns-over-https-client/