Cloudflared returns SERVFAIL

Expected Behaviour:

When setting the DNS server to 127.0.0.1#5053, I expected the cloudflared service to work as intended.

Actual Behaviour:

When using cloudflared as the DNS service, I could not connect to any external websites. When I tried to run dig @127.0.0.1 -p 5053 google.com, it returned:

; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> @127.0.0.1 -p 5053 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27472
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 7abbdbb4ecbc8a6c (echoed)
;; QUESTION SECTION:
;google.com.                    IN      A

;; Query time: 8 msec
;; SERVER: 127.0.0.1#5053(127.0.0.1) (UDP)
;; WHEN: Sat Dec 28 02:06:43 PST 2024
;; MSG SIZE  rcvd: 51

So I'm assuming something is wrong with cloudflared, because if I use the default Cloudflare DNS (1.1.1.1, 1.0.0.1), it works perfectly fine.

Debug Token:

https://tricorder.pi-hole.net/eLSJ1pmh/

Apparently you already found the issue.

You need to debug your cloudflared installation.

I found the issue, but I don't know how to fix it:
The pi-hole blacklist was blocking cloudflare-dns.com, even though cloudflared was trying to use it. Is there a way to only allow itself to access the page while blocking others from using it? I probably can't use groups because everything is routing to my router which then sends it to the Pi-Hole, and I don't think having Pi-Hole be its own DNS resolver is good practice.

Edit: I figured it out. I also had to set the LAN DNS server to Pi-Hole. Hope this helps someone out in the future!
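The symptom and cause discussed in this thread can be told apart from `dig` output alone. The following is an added example, not code from any poster or from the Pi-hole or cloudflared projects. The function name `triage`, its result labels, and the second sample transcript are constructed for illustration, and it assumes Pi-hole's default NULL blocking mode (blocked names answered with 0.0.0.0 or ::).

```python
import re

# Pi-hole's default NULL blocking mode answers blocked names with these.
NULL_BLOCK = {"0.0.0.0", "::"}

STATUS = re.compile(r"status:\s*(\w+)")
FLAGS = re.compile(r"flags:\s*([a-z ]*);\s*QUERY:")
ANSWER = re.compile(r"^(?!;)\S+\s+\d+\s+IN\s+(?:A|AAAA)\s+(\S+)$", re.M)

def triage(dig_text):
    """Classify one dig transcript taken against cloudflared or Pi-hole."""
    status, flags = STATUS.search(dig_text), FLAGS.search(dig_text)
    if not status or not flags:
        return "no-response"            # timeout: nothing answered on that port
    addrs = ANSWER.findall(dig_text)
    if addrs and set(addrs) <= NULL_BLOCK:
        return "blocked"                # a blocklist answered for this name
    if status.group(1) == "SERVFAIL" and "ra" not in flags.group(1).split():
        # The listener replied, but its own upstream lookup failed.
        return "proxy-up-upstream-failing"
    if status.group(1) == "NOERROR" and addrs:
        return "ok"
    return "other:" + status.group(1)

# Header lines copied from the dig transcript in the thread.
THREAD_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27472
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; SERVER: 127.0.0.1#5053(127.0.0.1) (UDP)
"""

# Constructed sample: the DoH hostname looked up through a resolver that blocks it.
BLOCKED_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
cloudflare-dns.com.\t2\tIN\tA\t0.0.0.0
"""

if __name__ == "__main__":
    print(triage(THREAD_DIG))
    print(triage(BLOCKED_DIG))
```

A "proxy-up-upstream-failing" result on port 5053 followed by a "blocked" result for the DoH hostname through the host's own resolver matches the cause found in this thread.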
