Download the cloudflared daemon.
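# Download the cloudflared release binary and install it system-wide.
# Bug fix: the original ran `chmod -x`, which *removes* the execute bit, so the
# following `cloudflared --version` (and the systemd ExecStart) could not run.
# `install` copies the file with mode 0755 and root ownership in one step and
# needs sudo like the other privileged steps in these notes.
# NOTE(review): the asset is fetched without any integrity check — compare it
# against the checksum published on the release page before installing it.
wget -O cloudflared-linux-amd64 https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
sudo install -m 0755 -o root -g root cloudflared-linux-amd64 /usr/sbin/cloudflared
rm -f -- cloudflared-linux-amd64
cloudflared --version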
Start the DNS proxy on an address and port in your network.
cloudflared proxy-dns --upstream https://dns-family.adguard.com/dns-query
Set up cloudflared as a service so it starts on user login.
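# Install the systemd unit. The heredoc delimiter is quoted so nothing in the
# unit text is subject to shell expansion; it is written verbatim.
sudo tee /etc/systemd/system/cloudflared-proxy-dns.service >/dev/null <<'EOF'
[Unit]
Description=DNS over HTTPS (DoH) proxy client
# Wants= alone does not order the units; After= makes the proxy wait for the
# network before it tries to reach the upstream resolver.
Wants=network-online.target nss-lookup.target
After=network-online.target
Before=nss-lookup.target

[Service]
# Run as a transient unprivileged user; only the capability needed to bind
# port 53 is kept. DynamicUser=yes already implies NoNewPrivileges, PrivateTmp
# and ProtectSystem=strict, so those are not repeated here.
DynamicUser=yes
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ExecStart=/usr/sbin/cloudflared proxy-dns --upstream https://dns-family.adguard.com/dns-query
# Restart on crash so a failed proxy does not leave the host without DNS.
Restart=on-failure
RestartSec=5s

[Install]
# Started at boot as a system service (multi-user.target), not at user login.
WantedBy=multi-user.target
EOF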
Pin the IP addresses of dns-family.adguard.com in /etc/hosts in case of DNS poisoning.
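# Pin the upstream resolver's addresses so cloudflared can reach
# dns-family.adguard.com even if DNS for that name is poisoned (and, once
# resolv.conf points at 127.0.0.1, presumably without depending on the proxy
# itself to bootstrap — verify against cloudflared's bootstrap behaviour).
# NOTE(review): these addresses are copied from the original notes; they bypass
# DNS entirely, so they must be updated by hand if AdGuard changes them.
# Writes go through sudo tee (a bare `>>` runs as the invoking user), and the
# grep guard keeps re-runs from appending duplicate lines.
for entry in "94.140.14.15 dns-family.adguard.com" "94.140.15.16 dns-family.adguard.com"; do
  if ! grep -qxF -- "$entry" /etc/hosts; then
    printf '%s\n' "$entry" | sudo tee -a /etc/hosts >/dev/null
  fi
done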
Install cloudflared as a service so it starts on user login.
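# daemon-reload needs root like the other systemctl calls. `enable --now` both
# enables the unit at boot and starts it, so the separate `start` was
# redundant; `--now` is meant for enable/disable/mask only, so it is dropped
# from the status call.
sudo systemctl daemon-reload
sudo systemctl enable --now cloudflared-proxy-dns
systemctl status --no-pager cloudflared-proxy-dns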
Verify that it's running, then switch your DNS server to 127.0.0.1.
dig +short @127.0.0.1 google.com A
Set the local DNS resolver.
echo "nameserver 127.0.0.1" >/etc/resolv.conf
Force all DNS traffic to use this resolver.
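# Redirect every locally generated DNS query (TCP and UDP port 53) to the
# proxy on 127.0.0.1. Each rule is appended only if it is not already present
# (`-C`), so re-running these notes does not stack duplicate rules.
# NOTE(review): this covers IPv4 only; queries sent over IPv6 need matching
# ip6tables rules or they bypass the proxy. The unrestricted MASQUERADE rule
# rewrites the source of every new outbound connection the nat table sees
# (including forwarded traffic if this host routes for others); check whether
# it is needed for the loopback DNAT at all, or restrict it to that traffic.
nat_rule_once() {
  sudo iptables -t nat -C "$@" 2>/dev/null || sudo iptables -t nat -A "$@"
}
nat_rule_once OUTPUT -p tcp --dport 53 -j DNAT --to 127.0.0.1:53
nat_rule_once OUTPUT -p udp --dport 53 -j DNAT --to 127.0.0.1:53
nat_rule_once POSTROUTING -j MASQUERADE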
Save the iptables rules so they persist across reboots.
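# iptables-persistent's installer asks via debconf whether to save the current
# rules; `-y` does not answer debconf prompts, so run it non-interactively.
# `netfilter-persistent save` writes the persistent rule files under
# /etc/iptables and needs root, like the install step.
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y iptables-persistent
sudo netfilter-persistent save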