DNS over HTTPS with cloudflared and IPv6!

I figured it out.

For IPv4 follow cloudflared (DoH) - Pi-hole documentation

For IPv6 follow that link with a couple of modifications, because I couldn't get one instance of cloudflared to listen on IPv4 and IPv6, so I spun up another instance for IPv6:

Proceed to create a configuration file for cloudflaredv6:

sudo nano /etc/default/cloudflaredv6

Edit the configuration file by copying the following into /etc/default/cloudflaredv6. This file contains the command-line options that get passed to cloudflared on startup:

# Commandline args for cloudflared, using Cloudflare DNS
CLOUDFLARED_OPTS=--address :: --port 5053 --upstream https://[2606:4700:4700::1111]/dns-query --upstream https://[2606:4700:4700::1001]/dns-query

Then create the systemd script by copying the following into /etc/systemd/system/cloudflaredv6.service. This will control the running of the service and allow it to run on startup:

sudo nano /etc/systemd/system/cloudflaredv6.service

[Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target

[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflaredv6
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target

Enable the systemd service to run on startup, then start the service and check its status:

sudo systemctl enable cloudflaredv6
sudo systemctl start cloudflaredv6
sudo systemctl status cloudflaredv6

And the upstream DNS settings for your Pi-hole:

In order to test IPv4 and IPv6:

dig @127.0.0.1 google.com A
dig @127.0.0.1 google.com AAAA
dig @::1 google.com A
dig @::1 google.com AAAA

In your router settings, if you can set the IPv6 address for your DNS server, run ifconfig | grep fe80. The IPv6 address block your ISP hands you may change, but this address is local to your network and should never change.


Just curious - why do you need IPv6 with Cloudflared? Both A and AAAA queries can be resolved over IPv4 DNS.

The IPv4 and IPv6 loopback addresses lead to the same place.

Maybe to deploy this in an IPv6 environment?

I know I could run one instance of cloudflared that connects out to v4 and v6 DoH servers and have that one instance listen on v4. I chose to run two as I have had one crash before.

Sometimes someone might not have v4 externally or their v4 connectivity sucks for some reason compared to v6. I have also had v4 service fail while v6 stays fine.

The really important thing with v6 servers in cloudflared, though: put them in square brackets. If you don't put them in square brackets, cloudflared won't know they're IP addresses, will think they're hostnames, and won't know how to get there.
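The bracket rule above is easy to get wrong when editing /etc/default/cloudflaredv6 by hand, so here is an added lint (not from this thread, the Pi-hole guide or cloudflared itself) that walks a CLOUDFLARED_OPTS string and fails on any --upstream URL whose host is a bare IPv6 literal; the function name check_upstreams and the sample option strings are constructed for the example.

```shell
#!/bin/sh
# Hypothetical lint for a cloudflared proxy-dns options line (added example).
# A bare IPv6 literal such as https://2606:4700:4700::1111/dns-query is
# parsed as a hostname by cloudflared, so the upstream silently never works.

# check_upstreams "<CLOUDFLARED_OPTS string>"
# Returns 0 when every --upstream URL has a usable host, 1 otherwise.
check_upstreams() {
    opts="$1"
    rc=0
    prev=""
    # Word-split the option string; the token after --upstream is a URL.
    for tok in $opts; do
        if [ "$prev" = "--upstream" ]; then
            host="${tok#*://}"      # drop the scheme (https://)
            host="${host%%/*}"      # drop the path (/dns-query)
            case "$host" in
                \[*\]|\[*\]:*)      # bracketed IPv6 literal, optional :port
                    ;;
                *:*:*)              # two or more colons, no brackets: bare IPv6
                    echo "bare IPv6 literal in upstream: $tok" >&2
                    rc=1
                    ;;
                "")
                    echo "empty host in upstream: $tok" >&2
                    rc=1
                    ;;
                *)                  # hostname or IPv4, optional :port
                    ;;
            esac
        fi
        prev="$tok"
    done
    return $rc
}

# Constructed sample matching the /etc/default/cloudflaredv6 line above.
CLOUDFLARED_OPTS='--address :: --port 5053 --upstream https://[2606:4700:4700::1111]/dns-query --upstream https://[2606:4700:4700::1001]/dns-query'
check_upstreams "$CLOUDFLARED_OPTS" && echo "upstreams OK"
```

Run it against the real file with `. /etc/default/cloudflaredv6; check_upstreams "$CLOUDFLARED_OPTS"` before restarting the service.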

Any measurable performance difference between running cloudflared v4 and v6?

Only when my ISP gets in the way.

Just what I needed. This really should be appended to the Cloudflared (DoH) Guide. Thank you!!