author subh <subh@subh.space> 2026-04-14 06:19:57 +0530
committer subh <subh@subh.space> 2026-04-14 06:19:57 +0530
commit f6f49d7a147b0e2f90d02fed43cc9b3d25b446c3
tree b39e35c341c1c9f3c365ff4ad3a39c1dbd9b0b9f /stuff/cloudflare-dot.html
parent b8dfdd2a46a993bbcc329e6caf1b8466f51af351
changes
Diffstat (limited to 'stuff/cloudflare-dot.html')
-rw-r--r-- stuff/cloudflare-dot.html 159
1 files changed, 0 insertions, 159 deletions
diff --git a/stuff/cloudflare-dot.html b/stuff/cloudflare-dot.html
deleted file mode 100644
index af4a1c2..0000000
--- a/stuff/cloudflare-dot.html
+++ /dev/null
@@ -1,159 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="UTF-8">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <title>subh.space</title>
- <style>
- :root {
- --bg0: #282828;
- --bg1: #3c3836;
- --fg: #ebdbb2;
- --gray: #928374;
- --yellow: #fabd2f;
- --green: #b8bb26;
- --orange: #fe8019;
- --aqua: #8ec07c;
- }
-
- body {
- font-family: 'Iosevka Nerd Font Propo', Iosevka;
- line-height: 1.7;
- color: var(--fg);
- background-color: var(--bg0);
- max-width: 780px;
- margin: 40px auto;
- padding: 0 20px;
- -webkit-font-smoothing: antialiased;
- }
-
- h1 {
- font-size: 2.2em;
- color: var(--yellow);
- border-bottom: 2px solid var(--bg1);
- padding-bottom: 15px;
- margin-bottom: 30px;
- }
-
- h2 {
- font-size: 1.5em;
- color: var(--aqua);
- margin-top: 35px;
- margin-bottom: 15px;
- font-weight: 600;
- }
-
- p { margin-bottom: 1.2em; }
-
- code {
- font-family: 'Fira Code', 'JetBrains Mono', 'Courier New', monospace;
- background-color: var(--bg1);
- color: var(--orange);
- padding: 3px 6px;
- border-radius: 4px;
- font-size: 0.9em;
- }
-
- pre {
- background-color: #1d2021;
- padding: 20px;
- border-radius: 8px;
- overflow-x: auto;
- border: 1px solid var(--bg1);
- margin-bottom: 1.5em;
- }
-
- pre code {
- background-color: transparent;
- padding: 0;
- color: var(--fg);
- color-scheme: dark;
- }
-
- .language-toml { color: var(--fg); }
- .toml-key { color: var(--green); }
-
- ol, ul { margin-bottom: 1.5em; padding-left: 25px; }
- li { margin-bottom: 0.8em; }
- li pre { margin-top: 10px; margin-bottom: 10px; }
-
- </style>
-</head>
-<body>
-
-<h1>DNS over TLS (DoT) with cloudflare</h1>
-
-<p>This guide assumes that you're running a systemd-based operating system</p>
-
-<h2>1. Configure systemd-resolved to use cloudflare's DNS server</h2>
-<p>Add the following block to your <code>/etc/systemd/resolved.conf</code></p>
-<pre><code class="language-toml"><span class="toml-key">[Resolve]</span>
-DNS=1.1.1.3#family.cloudflare-dns.com 2606:4700:4700::1113#family.cloudflare-dns.com
-FallbackDNS=1.0.0.3#family.cloudflare-dns.com 2606:4700:4700::1003#family.cloudflare-dns.com
-DNSOverTLS=yes
-DNSSEC=yes
-Domains=~.
-</code></pre>
-<p><code>1.1.1.3</code> and <code>1.0.0.3</code> are part of cloudflare's family-friendly DNS servers which block malware and adult contents. You can also use the default <code>1.1.1.1</code> DNS server for DoT.</p>
-<p>Once the changes are saved, restart <code>systemd-resolved</code></p>
-<pre><code class="language-shell">sudo systemctl restart systemd-resolved
-</code></pre>
-
-<h2>2. Make systemd-resolve take precedence over resolve.conf</h2>
-<p>To make sure your system uses <code>systemd-resolved</code> over <code>resolv.conf</code>, you need to create a symlink as follows:</p>
-<pre><code class="language-shell">sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
-</code></pre>
-
-<h2>3. Make sure DNS is working as intended</h2>
-<p>Make sure you're able to resolve domain names as follows:</p>
-<pre><code class="language-shell">resolvectl query google.com
-</code></pre>
-<p>If you see output, you're golden!</p>
-
-<h2>4. An Edge Cases:</h2>
-<p>If you're using a service such as tailscale which overrides your <code>resolv.conf</code> upon start with its own magicDNS server, it may break your DoT setup. To make sure, tailscale never overrides your <code>resolv.conf</code>, do the following</p>
-<ol>
- <li>Re-create the symlink as it was likely broken when tailscale started</li>
-</ol>
-<pre><code class="language-shell">sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
-</code></pre>
-<ol start="2">
- <li>Restart <code>tailscaled</code> and <code>systemd-resolved</code></li>
-</ol>
-<pre><code class="language-shell">sudo systemctl restart tailscaled
-sudo systemctl restart systemd-resolved
-sudo tailscale up --accept-dns=true
-</code></pre>
-<ol start="3">
- <li>Check your <code>resolve.conf</code></li>
-</ol>
-<p>If your <code>resolve.conf</code> looks as follows, you're all good!</p>
-<pre><code class="language-shell">nameserver 127.0.0.53
-options edns0 trust-ad
-search tailxxxxx.ts.net
-</code></pre>
-
-<h2>5. Configure Browsers with DoT</h2>
-<p>If previously, you've been using DoH (DNS Over HTTPS) in your browser, and want to shift to your new DoT configuration, do the following</p>
-<ol>
- <li>
- <p>For firefox based browsers:</p>
- <ul>
- <li>Navigate to <code>settings</code> -&gt; <code>Privacy and Security</code></li>
- <li>Scroll down to <code>DNS over HTTPS</code></li>
- <li>Select <code>Off</code></li>
- </ul>
- </li>
- <li>
- <p>For chromium based browsers:</p>
- <ul>
- <li>Navigate to <code>settings</code> -&gt; <code>Privacy and Security</code></li>
- <li>Find <code>Use Secure DNS</code></li>
- <li>Toggle it Off</li>
- </ul>
- </li>
-</ol>
-<p>And just like that, you've configured DoT for your system!</p>
-
-</body>
-</html>
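Review bot: The whole guide (all 159 lines, from the DOCTYPE to the closing html tag) is deleted under the one-word message "changes", and nothing in this diff says why or where the content went; state the reason in the commit message and, if the page moved, link or redirect to the new location so existing links to stuff/cloudflare-dot.html keep working. If the text is being carried over elsewhere, fix what the removed lines show: the section 2 heading and step 3 of section 4 write "systemd-resolve" and "resolve.conf" while the commands use systemd-resolved and /etc/resolv.conf; section 3 treats any output from "resolvectl query google.com" as success, which shows that resolution works but not that DNSOverTLS=yes is in effect, so a check of the reported protocol state (for example with "resolvectl status") is worth adding; and section 4 says the goal is that tailscale never overrides resolv.conf while its last command passes --accept-dns=true without explaining why.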