DNS over HTTPS with cloudflared and IPv6!

I figured it out.

For IPv4 follow cloudflared (DoH) - Pi-hole documentation

For IPv6 follow that link with a couple modifications, because I couldn't get one instance of cloudflared to listen on IPv4 and IPv6 so I spun up another instance for IPv6:

Proceed to create a configuration file for cloudflaredv6 :

sudo nano /etc/default/cloudflaredv6

Edit configuration file by copying the following in to /etc/default/cloudflaredv6 . This file contains the command-line options that get passed to cloudflared on startup:

# Commandline args for cloudflared, using Cloudflare DNS
CLOUDFLARED_OPTS=--address :: --port 5053 --upstream https://[2606:4700:4700::1111]/dns-query --upstream https://[2606:4700:4700::1001]/dns-query

Then create the systemd script by copying the following into /etc/systemd/system/cloudflaredv6.service . This will control the running of the service and allow it to run on startup:

sudo nano /etc/systemd/system/cloudflaredv6.service
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target

ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS


Enable the systemd service to run on startup, then start the service and check its status:

sudo systemctl enable cloudflaredv6
sudo systemctl start cloudflaredv6
sudo systemctl status cloudflaredv6

And the upstream DNS settings for your Pi-hole:

In order to test IPv4 and IPv6:

dig @ google.com A
dig @ google.com AAAA
dig @::1 google.com A
dig @::1 google.com AAAA

In your router settings if you can set the IPv6 address for your DNS server, run ifconfig | grep fe80. The IPv6 address block your ISP hands you may change, but this address is local to your network and should never change.


Just curious - why do you need IPv6 with Cloudflared? Both A and AAAA queries can be resolved over IPv4 DNS.

The IPv4 and IPv6 loop back addresses lead to the same place.

Maybe to deploy this in a IPv6 environment ?

I know I could run one instance of cloudflared that connects out to v4 and v6 DoH servers and have that one instance listen on v4. I chose to run two as I have had one crash before.

Sometimes someone might not have v4 externally or their v4 connectivity sucks for some reason compared to v6. I have also had v4 service fail while v6 stays fine.

The really important thing with v6 servers in cloudflared though - put them in square brackets. If you don't put them in square brackets cloudflared won't know they're IP addresses, will think they're hostnames, and won't know how to get there.

Any measurable performance difference between running cloudflared v4 and v6?

Only when my ISP gets in the way.

Just what I needed. This really should be appended to the Cloudflared (DoH) Guide. Thank you!!