Connect to Cloudflare 1.1.1.1 using DoH clients on Ubuntu

Last Updated on January 20, 2023 by Pupli

Download and install the cloudflared daemon

Or Download and install cloudflared via the Cloudflare Package Repository.

Ubuntu 20.04 LTS (Focal Fossa)

# Add cloudflare gpg key
sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

# Add this repo to your apt repositories
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared focal main' | sudo tee /etc/apt/sources.list.d/cloudflared.list

# install cloudflared
sudo apt-get update && sudo apt-get install cloudflared
cloudflared --version

Run without systemd

cloudflared proxy-dns
#cloudflared proxy-dns --port 5553

Run with systemd

sudo tee /etc/systemd/system/cloudflared-proxy-dns.service >/dev/null <<EOF
[Unit]
Description=DNS over HTTPS (DoH) proxy client
Wants=network-online.target nss-lookup.target
Before=nss-lookup.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
DynamicUser=yes
ExecStart=/usr/local/bin/cloudflared proxy-dns

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable --now cloudflared-proxy-dns
sudo rm -f /etc/resolv.conf
echo nameserver 127.0.0.1 | sudo tee /etc/resolv.conf >/dev/null

Finally, verify it locally with:

dig +short @127.0.0.1 cloudflare.com AAAA

Update cloudflared

cloudflared update

References
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/dns-over-https-client/
https://pkg.cloudflare.com/index.html