I've been trying to enable pihole with cloudflared using the following guide:
However, when I try and enable the service using systemctl it quits (see ERR about "bind: permission denied" in the output below)
```
pi@raspberrypi:~ $ sudo systemctl status cloudflared
● cloudflared.service - cloudflared DNS over HTTPS proxy
Loaded: loaded (/etc/systemd/system/cloudflared.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Mon 2022-10-31 17:23:06 CDT; 21h ago
Process: 950 ExecStartPre=/bin/sleep 15 (code=exited, status=0/SUCCESS)
Process: 955 ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFARED_OPTS (code=exited, status=0/SUCCESS)
Main PID: 955 (code=exited, status=0/SUCCESS)
Oct 31 17:22:51 raspberrypi systemd[1]: Starting cloudflared DNS over HTTPS proxy...
Oct 31 17:23:06 raspberrypi systemd[1]: Started cloudflared DNS over HTTPS proxy.
Oct 31 17:23:06 raspberrypi cloudflared[955]: 2022-10-31T22:23:06Z INF Adding DNS upstream url=https://1.1.1.1/dns-query
Oct 31 17:23:06 raspberrypi cloudflared[955]: 2022-10-31T22:23:06Z INF Adding DNS upstream url=https://1.0.0.1/dns-query
Oct 31 17:23:06 raspberrypi cloudflared[955]: 2022-10-31T22:23:06Z INF Starting metrics server on 127.0.0.1:40017/metrics
Oct 31 17:23:06 raspberrypi cloudflared[955]: 2022-10-31T22:23:06Z INF Starting DNS over HTTPS proxy server address=dns://localhost:53
Oct 31 17:23:06 raspberrypi cloudflared[955]: 2022-10-31T22:23:06Z ERR Failed to start the listeners error="failed to create a UDP listener: listen udp 127.0.0.1:53: bind: permission denied"
Oct 31 17:23:06 raspberrypi systemd[1]: cloudflared.service: Succeeded.
```
Any idea as to what I might be doing wrong?
I've been able to work around this problem by using the screen command (as documented here). However, this means that whenever my machine is rebooted cloudflared doesn't come up automatically and all clients on my network cannot resolve any DNS queries.
Details about my system:
```
pi@raspberrypi:~ $ uname -a
Linux raspberrypi 5.10.103-v7+ #1529 SMP Tue Mar 8 12:21:37 GMT 2022 armv7l GNU/Linux
pi@raspberrypi:~ $ pihole -v
Pi-hole version is v5.13 (Latest: v5.13)
AdminLTE version is v5.16 (Latest: v5.16)
FTL version is v5.18.2 (Latest: v5.18.2)
```
Thanks for your reply.
I followed the guide and used port 5053 in /etc/default/cloudflared:
```
# Commandline args for cloudflared, using Cloudflare DNS
CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
```
I also did a search in my /etc folder for any instances of the string '127.0.0.1#53' and couldn't find any instances:
Did you create the systemd unit file (from the same guide) and include the below so it reads the port, as it seems as if it's not paying attention to the 5053 when trying to start?
Pi-hole absolutely has to bind port 53, unless you'd want to go ahead and manually configure each of your clients to use a non-standard port for DNS.
Your output is showing that cloudflared is incorrectly trying to bind port 53 as well:
This is happening despite the --port 5053 option set in your /etc/default/cloudflared:
Obviously, your cloudflared service is not using that configuration file.
As wrong permissions on /etc/default/cloudflared would likely result in permission denials, let's check how you've configured your cloudflared service.
I decided to redo everything using the guide except this time I set CLOUDFLARED_OPTS in quotes as suggested by deHakkelaar (sorry can't "mention" as I'm a new user).
I detached the screen session and tried using systemctl and it worked!
```
pi@raspberrypi:~ $ systemctl status cloudflared
● cloudflared.service - cloudflared DNS over HTTPS proxy
Loaded: loaded (/etc/systemd/system/cloudflared.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-11-02 14:41:51 CDT; 4min 26s ago
Main PID: 894 (cloudflared)
Tasks: 10 (limit: 2059)
CGroup: /system.slice/cloudflared.service
└─894 /usr/local/bin/cloudflared proxy-dns --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
Nov 02 14:41:51 raspberrypi systemd[1]: Started cloudflared DNS over HTTPS proxy.
Nov 02 14:41:52 raspberrypi cloudflared[894]: 2022-11-02T19:41:52Z INF Adding DNS upstream url=https://1.1.1.1/dns-query
Nov 02 14:41:52 raspberrypi cloudflared[894]: 2022-11-02T19:41:52Z INF Adding DNS upstream url=https://1.0.0.1/dns-query
Nov 02 14:41:52 raspberrypi cloudflared[894]: 2022-11-02T19:41:52Z INF Starting DNS over HTTPS proxy server address=dns://localhost:5053
Nov 02 14:41:52 raspberrypi cloudflared[894]: 2022-11-02T19:41:52Z INF Starting metrics server on 127.0.0.1:36489/metrics
```
Thank you chrislph, deHakkelaar and Bucking_Horn for your help! (Can't "mention" you all as I'm a new user)
For the records:
I've had no difficulties applying the guide as is, so I do not think your issue has been related to quotation marks.
However, I've been able to reproduce your ERR by deleting the following line from /etc/systemd/system/cloudflared.service:
```
EnvironmentFile=/etc/default/cloudflared
```
Without this reference to its configuration settings, cloudflared seems to use fallback defaults, especially binding `localhost:53`.
```
Loaded: loaded (/etc/systemd/system/cloudflared.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2022-11-02 20:59:42 CET; 1s ago
Process: 815 ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS (code=exited, status=0/SUCCESS
Main PID: 815 (code=exited, status=0/SUCCESS)
Nov 02 20:59:40 pihole-5 systemd[1]: Started cloudflared DNS over HTTPS proxy.
Nov 02 20:59:42 pihole-5 cloudflared[815]: 2022-11-02T18:59:42Z INF Adding DNS upstream url=https://1.1.1.1/dns-query
Nov 02 20:59:42 pihole-5 cloudflared[815]: 2022-11-02T18:59:42Z INF Adding DNS upstream url=https://1.0.0.1/dns-query
Nov 02 20:59:42 pihole-5 cloudflared[815]: 2022-11-02T18:59:42Z INF Starting metrics server on 127.0.0.1:41723
Nov 02 20:59:42 pihole-5 cloudflared[815]: 2022-11-02T18:59:42Z INF Starting DNS over HTTPS proxy server address=dns://localhost:53
Nov 02 20:59:42 pihole-5 cloudflared[815]: 2022-11-02T18:59:42Z ERR Failed to start the listeners error="failed to create a UDP listener: listen udp 127.0.0.1:53: bind: permission denied"
Nov 02 20:59:42 pihole-5 systemd[1]: cloudflared.service: Succeeded.
```
So my guess would be that your unit file probably was missing that line when you first observed that ERR.
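Added example, not part of any post in this thread and not from the guide: a shell check for the failure mode discussed above. systemd replaces an unset `$VAR` in `ExecStart=` with nothing, so `cloudflared proxy-dns` starts on its defaults when `EnvironmentFile=` is missing, or when the variable name does not match the one in the file (the first status output shows `$CLOUDFARED_OPTS`, while the file defines `CLOUDFLARED_OPTS`). The function names, the `ROOT` argument and the sample files are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: flag ExecStart= variables that no EnvironmentFile= defines.
# systemd expands an unset $VAR to nothing, so the daemon runs on defaults.

# Names of all $VAR / ${VAR} references on ExecStart= lines of unit file $1.
unit_vars() {
  grep -E '^ExecStart=' "$1" | grep -oE '\$\{?[A-Za-z_][A-Za-z0-9_]*' |
    tr -d '${' | sort -u
}

# Paths listed by EnvironmentFile= (a leading "-" marks the file optional).
unit_env_files() {
  sed -n 's/^EnvironmentFile=-\{0,1\}//p' "$1"
}

# check_unit UNIT [ROOT]: print "UNSET name" per undefined variable, return 1
# if any. ROOT (hypothetical helper argument) is prefixed to the
# EnvironmentFile paths so the check can run against copies of the files.
# Variables set via Environment= in the unit are not considered here.
check_unit() {
  local unit="$1" root="${2:-}" var f defined status=0
  for var in $(unit_vars "$unit"); do
    defined=no
    for f in $(unit_env_files "$unit"); do
      grep -qE "^[[:space:]]*${var}=" "$root$f" 2>/dev/null && defined=yes
    done
    [ "$defined" = yes ] || { echo "UNSET $var"; status=1; }
  done
  return "$status"
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
mkdir -p "$demo/etc/default"
echo 'CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query' \
  > "$demo/etc/default/cloudflared"
exec_line='ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS'
env_line='EnvironmentFile=/etc/default/cloudflared'
printf '%s\n' '[Service]' "$env_line" "$exec_line" > "$demo/good.service"
printf '%s\n' '[Service]' "$exec_line" > "$demo/noenv.service"
printf '%s\n' '[Service]' "$env_line" \
  'ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFARED_OPTS' \
  > "$demo/typo.service"

for u in good noenv typo; do
  echo "$u.service: $(check_unit "$demo/$u.service" "$demo" || true)"
done
```

On a live system, call `check_unit` with the unit path from the `Loaded:` line and no `ROOT` argument.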
Hi Bucking_Horn,
I never had that EnvironmentFile line in the /etc/default/cloudflared file nor does that line seem to be in the Cloudflare guide. From the guide:
Proceed to create a configuration file for cloudflared:
```
sudo nano /etc/default/cloudflared
```
Edit configuration file by copying the following in to /etc/default/cloudflared. This file contains the command-line options that get passed to cloudflared on startup:
```
# Commandline args for cloudflared, using Cloudflare DNS
CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns
```
Do you have more items in /etc/default/cloudflared that should be added to the guide?