DNS over HTTPS (DoH) cloudflared and argo tunnel
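Untuk meningkatkan security, privacy, dan kecepatan DNS server forwarder kita, karena jalur query berjalan di atas HTTPS, terutama untuk mail server agar tidak salah saat request RBL. Perlu diingat, yang terenkripsi hanya jalur antara forwarder dan resolver upstream; resolver upstream tetap bisa melihat semua query.
Paket untuk Linux (termasuk Debian) bisa di-download di sini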
Install
root@debian:/# dpkg --install cloudflared-stable-linux-amd64.deb
Check version
root@debian:/# cloudflared --version
cloudflared version 2018.7.3 (built 2018-07-18-2050 UTC)
running test default listen port 53
root@debian:/# cloudflared proxy-dns
INFO[0000] Applied configuration from /usr/local/etc/cloudflared/config.yml
INFO[0000] Adding DNS upstream url="https://1.1.1.1/dns-query"
INFO[0000] Starting metrics server addr="127.0.0.1:44403"
INFO[0000] Adding DNS upstream url="https://1.0.0.1/dns-query"
INFO[0000] Starting DNS over HTTPS proxy server addr="dns://localhost:53"
user untuk running daemon
root@debian:/#useradd -s /usr/sbin/nologin -r -M cloudflared
tambahkan prekonfigurasi di
/etc/default/cloudflared
CLOUDFLARED_OPTS=--port 5353 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
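update owner (catatan: langkah ini menjadikan user cloudflared pemilik binary dan file konfigurasinya sendiri, sehingga proses daemon yang diambil alih bisa mengubah keduanya; service tetap bisa berjalan jika keduanya tetap dimiliki root, karena systemd yang membaca EnvironmentFile dan user cloudflared cukup punya izin eksekusi pada binary)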
root@debian:/#chown cloudflared:cloudflared /etc/default/cloudflared
root@debian:/#chown cloudflared:cloudflared /usr/local/bin/cloudflared
tambahkan start up systemd
/etc/systemd/system/cloudflared.service
# systemd unit that runs cloudflared as a local DNS-over-HTTPS proxy.
[Unit]
Description=cloudflared DNS over HTTPS proxy
# After= only orders startup; it does not pull network-online.target in.
# NOTE(review): consider adding Wants=network-online.target alongside it.
After=syslog.target network-online.target
[Service]
Type=simple
# Run as the unprivileged cloudflared account rather than root. The port set in
# /etc/default/cloudflared (5353) is above 1024, so no privileged bind is needed.
User=cloudflared
# systemd reads this file when starting the service and sets CLOUDFLARED_OPTS
# in the service environment.
EnvironmentFile=/etc/default/cloudflared
# Unbraced $CLOUDFLARED_OPTS is split on whitespace into separate arguments,
# which is what lets one variable carry several options.
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
# Restart 10 seconds after an unclean exit.
Restart=on-failure
RestartSec=10
# On stop, only the main process is signalled.
KillMode=process
# NOTE(review): no sandboxing directives are set. NoNewPrivileges=true,
# PrivateTmp=true, ProtectHome=true and ProtectSystem=full are candidates;
# availability depends on the systemd version, so test before relying on them.
[Install]
WantedBy=multi-user.target
enable systemd
root@debian:/#systemctl enable cloudflared
root@debian:/#systemctl start cloudflared
check status cloudflared
root@debian:/#systemctl status cloudflared
test query DNS dengan dig
root@debian:/# dig @127.0.0.1 -p 5353 detik.com
; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> @127.0.0.1 -p 5353 detik.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61599
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;detik.com. IN A
;; ANSWER SECTION:
detik.com. 72 IN A 203.190.242.211
detik.com. 72 IN A 103.49.221.211
;; Query time: 1 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Mon Jul 30 17:32:08 WIB 2018
;; MSG SIZE rcvd: 88
Demikian hasil query-nya, tinggal dimasukkan ke DNS forwarder kita
misal bind9
forwarders { 127.0.0.1 port 5353; };
atau
dnsmasq
server=127.0.0.1#5353
untuk lebih lanjut bisa baca di sini
https://developers.cloudflare.com/1.1.1.1/dns-over-https/cloudflared-proxy/
Salam
Paket untuk Linux (termasuk Debian) bisa di-download di sini
Install
root@debian:/# dpkg --install cloudflared-stable-linux-amd64.deb
Check version
root@debian:/# cloudflared --version
cloudflared version 2018.7.3 (built 2018-07-18-2050 UTC)
running test default listen port 53
root@debian:/# cloudflared proxy-dns
INFO[0000] Applied configuration from /usr/local/etc/cloudflared/config.yml
INFO[0000] Adding DNS upstream url="https://1.1.1.1/dns-query"
INFO[0000] Starting metrics server addr="127.0.0.1:44403"
INFO[0000] Adding DNS upstream url="https://1.0.0.1/dns-query"
INFO[0000] Starting DNS over HTTPS proxy server addr="dns://localhost:53"
user untuk running daemon
root@debian:/#useradd -s /usr/sbin/nologin -r -M cloudflared
tambahkan prekonfigurasi di
/etc/default/cloudflared
CLOUDFLARED_OPTS=--port 5353 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
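update owner (catatan: langkah ini menjadikan user cloudflared pemilik binary dan file konfigurasinya sendiri, sehingga proses daemon yang diambil alih bisa mengubah keduanya; service tetap bisa berjalan jika keduanya tetap dimiliki root, karena systemd yang membaca EnvironmentFile dan user cloudflared cukup punya izin eksekusi pada binary)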
root@debian:/#chown cloudflared:cloudflared /etc/default/cloudflared
root@debian:/#chown cloudflared:cloudflared /usr/local/bin/cloudflared
tambahkan start up systemd
/etc/systemd/system/cloudflared.service
# systemd unit that runs cloudflared as a local DNS-over-HTTPS proxy.
[Unit]
Description=cloudflared DNS over HTTPS proxy
# After= only orders startup; it does not pull network-online.target in.
# NOTE(review): consider adding Wants=network-online.target alongside it.
After=syslog.target network-online.target
[Service]
Type=simple
# Run as the unprivileged cloudflared account rather than root. The port set in
# /etc/default/cloudflared (5353) is above 1024, so no privileged bind is needed.
User=cloudflared
# systemd reads this file when starting the service and sets CLOUDFLARED_OPTS
# in the service environment.
EnvironmentFile=/etc/default/cloudflared
# Unbraced $CLOUDFLARED_OPTS is split on whitespace into separate arguments,
# which is what lets one variable carry several options.
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
# Restart 10 seconds after an unclean exit.
Restart=on-failure
RestartSec=10
# On stop, only the main process is signalled.
KillMode=process
# NOTE(review): no sandboxing directives are set. NoNewPrivileges=true,
# PrivateTmp=true, ProtectHome=true and ProtectSystem=full are candidates;
# availability depends on the systemd version, so test before relying on them.
[Install]
WantedBy=multi-user.target
enable systemd
root@debian:/#systemctl enable cloudflared
root@debian:/#systemctl start cloudflared
check status cloudflared
root@debian:/#systemctl status cloudflared
test query DNS dengan dig
root@debian:/# dig @127.0.0.1 -p 5353 detik.com
; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> @127.0.0.1 -p 5353 detik.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61599
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;detik.com. IN A
;; ANSWER SECTION:
detik.com. 72 IN A 203.190.242.211
detik.com. 72 IN A 103.49.221.211
;; Query time: 1 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Mon Jul 30 17:32:08 WIB 2018
;; MSG SIZE rcvd: 88
Demikian hasil query-nya, tinggal dimasukkan ke DNS forwarder kita
misal bind9
forwarders { 127.0.0.1 port 5353; };
atau
dnsmasq
server=127.0.0.1#5353
untuk lebih lanjut bisa baca di sini
https://developers.cloudflare.com/1.1.1.1/dns-over-https/cloudflared-proxy/
Salam