Diffstat (limited to 'stuff/cloudflare-dot.html')
| -rw-r--r-- | stuff/cloudflare-dot.html | 159 |
1 files changed, 0 insertions, 159 deletions
diff --git a/stuff/cloudflare-dot.html b/stuff/cloudflare-dot.html deleted file mode 100644 index af4a1c2..0000000 --- a/stuff/cloudflare-dot.html +++ /dev/null 
@@ -1,159 +0,0 @@ -<!DOCTYPE html> -<html lang="en"> -<head> - <meta charset="UTF-8"> - <meta name="viewport" content="width=device-width, initial-scale=1.0"> - <title>subh.space</title> - <style> - :root { - --bg0: #282828; - --bg1: #3c3836; - --fg: #ebdbb2; - --gray: #928374; - --yellow: #fabd2f; - --green: #b8bb26; - --orange: #fe8019; - --aqua: #8ec07c; - } - - body { - font-family: 'Iosevka Nerd Font Propo', Iosevka; - line-height: 1.7; - color: var(--fg); - background-color: var(--bg0); - max-width: 780px; - margin: 40px auto; - padding: 0 20px; - -webkit-font-smoothing: antialiased; - } - - h1 { - font-size: 2.2em; - color: var(--yellow); - border-bottom: 2px solid var(--bg1); - padding-bottom: 15px; - margin-bottom: 30px; - } - - h2 { - font-size: 1.5em; - color: var(--aqua); - margin-top: 35px; - margin-bottom: 15px; - font-weight: 600; - } - - p { margin-bottom: 1.2em; } - - code { - font-family: 'Fira Code', 'JetBrains Mono', 'Courier New', monospace; - background-color: var(--bg1); - color: var(--orange); - padding: 3px 6px; - border-radius: 4px; - font-size: 0.9em; - } - - pre { - background-color: #1d2021; - padding: 20px; - border-radius: 8px; - overflow-x: auto; - border: 1px solid var(--bg1); - margin-bottom: 1.5em; - } - - pre code { - background-color: transparent; - padding: 0; - color: var(--fg); - color-scheme: dark; - } - - .language-toml { color: var(--fg); } - .toml-key { color: var(--green); } - - ol, ul { margin-bottom: 1.5em; padding-left: 25px; } - li { margin-bottom: 0.8em; } - li pre { margin-top: 10px; margin-bottom: 10px; } - - </style> -</head> -<body> - -<h1>DNS over TLS (DoT) with cloudflare</h1> - -<p>This guide assumes that you're running a systemd-based operating system</p> - -<h2>1. 
Configure systemd-resolved to use cloudflare's DNS server</h2> -<p>Add the following block to your <code>/etc/systemd/resolved.conf</code></p> -<pre><code class="language-toml"><span class="toml-key">[Resolve]</span> -DNS=1.1.1.3#family.cloudflare-dns.com 2606:4700:4700::1113#family.cloudflare-dns.com -FallbackDNS=1.0.0.3#family.cloudflare-dns.com 2606:4700:4700::1003#family.cloudflare-dns.com -DNSOverTLS=yes -DNSSEC=yes -Domains=~. -</code></pre> -<p><code>1.1.1.3</code> and <code>1.0.0.3</code> are part of cloudflare's family-friendly DNS servers which block malware and adult contents. You can also use the default <code>1.1.1.1</code> DNS server for DoT.</p> -<p>Once the changes are saved, restart <code>systemd-resolved</code></p> -<pre><code class="language-shell">sudo systemctl restart systemd-resolved -</code></pre> - -<h2>2. Make systemd-resolve take precedence over resolve.conf</h2> -<p>To make sure your system uses <code>systemd-resolved</code> over <code>resolv.conf</code>, you need to create a symlink as follows:</p> -<pre><code class="language-shell">sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf -</code></pre> - -<h2>3. Make sure DNS is working as intended</h2> -<p>Make sure you're able to resolve domain names as follows:</p> -<pre><code class="language-shell">resolvectl query google.com -</code></pre> -<p>If you see output, you're golden!</p> - -<h2>4. An Edge Cases:</h2> -<p>If you're using a service such as tailscale which overrides your <code>resolv.conf</code> upon start with its own magicDNS server, it may break your DoT setup. 
To make sure, tailscale never overrides your <code>resolv.conf</code>, do the following</p> -<ol> - <li>Re-create the symlink as it was likely broken when tailscale started</li> -</ol> -<pre><code class="language-shell">sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf -</code></pre> -<ol start="2"> - <li>Restart <code>tailscaled</code> and <code>systemd-resolved</code></li> -</ol> -<pre><code class="language-shell">sudo systemctl restart tailscaled -sudo systemctl restart systemd-resolved -sudo tailscale up --accept-dns=true -</code></pre> -<ol start="3"> - <li>Check your <code>resolve.conf</code></li> -</ol> -<p>If your <code>resolve.conf</code> looks as follows, you're all good!</p> -<pre><code class="language-shell">nameserver 127.0.0.53 -options edns0 trust-ad -search tailxxxxx.ts.net -</code></pre> - -<h2>5. Configure Browsers with DoT</h2> -<p>If previously, you've been using DoH (DNS Over HTTPS) in your browser, and want to shift to your new DoT configuration, do the following</p> -<ol> - <li> - <p>For firefox based browsers:</p> - <ul> - <li>Navigate to <code>settings</code> -> <code>Privacy and Security</code></li> - <li>Scroll down to <code>DNS over HTTPS</code></li> - <li>Select <code>Off</code></li> - </ul> - </li> - <li> - <p>For chromium based browsers:</p> - <ul> - <li>Navigate to <code>settings</code> -> <code>Privacy and Security</code></li> - <li>Find <code>Use Secure DNS</code></li> - <li>Toggle it Off</li> - </ul> - </li> -</ol> -<p>And just like that, you've configured DoT for your system!</p> - -</body> -</html> |
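Review bot: this hunk deletes all 159 lines of stuff/cloudflare-dot.html and the diffstat shows no other file touched (1 file changed, 0 insertions), so any index or page that links to the guide is left pointing at a missing file. Remove or redirect those links in the same commit, and state in the commit message whether the guide is being dropped or moved. If the content is being relocated rather than retired, fix the filename spelling on the way: the step 2 heading and step 4 item 3 say `resolve.conf` (and the heading says `systemd-resolve`), while the commands and surrounding text use `/etc/resolv.conf` and `systemd-resolved`.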
