Jump to content

[Workarround+Docker Request] Cloudflare DNS over HTTPS


jasgud

Recommended Posts

My Service provider has terrible DNS.  I also suspect they do all kinds of sniffing/traffic logging/advertising with the information they collect when I browse the web on their service.  This is regardless of what DNS I use because it is transmitted it plain text. 
After a bit of research I found the new 1dot (1.1.1.1) cloudflare DNS offers DNS over HTTPS to totally encrypt all DNS traffic leaving my network.  The only cavate is it requires using it requires an intermediary service/application called CloudFlareD (aka Argo).  Enter Docker/Unraid.
Docker/Unraid doesn't seem to have a template setup for it, and since I don't really know how to do that I set one up manually.  In the unraid webgui, find the docker section and click add container.  Switch to advanced and don't pick a template.  Fill out the template as below, leave all fields that aren't mentioned as blank.  NOTE: Must have Bridged mode enabled on the unraid network device.

Name: cloudflared-proxy-dns
Repository: travisez13/cloudflared-proxy-dns
Docker Hub URL: https://hub.docker.com/r/travisez13/cloudflared-proxy-dns/
Network Type: br0
Fixed IP address (optional): Any free IP (192.168.0.55)
Privileged: ON (DNS port 53 requires this to bind properly)
Add 2 extra Ports as per below

1. Name: DNS TCP
Host Port: 53
Default Value: 53
Connection Type: TCP
Required: Yes

2. Name: DNS UDP
Host Port: 53
Default Value: 53
Connection Type: UDP
Required: Yes

After the docker starts you'll need to test and make sure its running properly by using nslookup in windows

1. Click start and run
2. type in nslookup
3. in the black window type in the below command without quotes
	"server 192.168.1.10" there 192.168.1.10 is the ip address of the Fixed IP address you selected earlier
4. type an internet address that you know works (google.com, ebay.com, lime-technology.com) and it should reply with an IP address that corrosponds with the site you tried.

Once that is confirmed you are ready to change the DNS your DHCP server is sending out.  Usually on your ISP router.

 

Since I've done this I've slowly seen a massive drop in sketchy advertising that I suspected was from my ISP.  It also has better performance than both my ISP and Google Pub DNS.  Plus encrypted DNS, so yeah.  I'm happy(ish) now, just have to keep harping on ISP to not be sketchy.

Details on cloudflare link below if someone wants to create an actual docker container.

https://developers.cloudflare.com/1.1.1.1/dns-over-https/

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...