Cloudflare DNS over TLS Docker container
Docker container running a DNS server using Cloudflare 126.96.36.199 DNS over TLS (IPv4 only), with a built-in healthcheck and blocking of malicious websites.
It is based on:
You can also block domains of your choice; see the Extra section.
Diagrams are shown for router and client-by-client configurations in the Connect clients to it section.
docker run -it --rm -p 53:53/udp --dns=127.0.0.1 -e VERBOSITY=4 qmcgaw/cloudflare-dns-server -v -v
- The DNS is set to 127.0.0.1 for the healthcheck to be relevant (it tries to wget duckduckgo.com using Unbound)
- The VERBOSITY variable goes from 0 (no log) to 5 (full debug log), and defaults to 1. See the unbound conf documentation.
- The command passed to unbound is -v -v, which increases verbosity. See the unbound documentation.
You can check the verbose output with:
docker logs -f cloudflare-dns-tls
See the Connect clients to it section to finish testing.
Run it as a daemon
docker run -d --name=cloudflare-dns-tls -p 53:53/udp --dns=127.0.0.1 qmcgaw/cloudflare-dns-server -v
You can also download and use docker-compose.yml
Connect clients to it
Option 1: Router (recommended)
All machines connected to your router will use the 188.8.131.52 encrypted DNS by default
Configure your router to use the LAN IP address of your Docker host as its primary DNS address.
- Access your router page, usually at http://192.168.1.1, and log in with your credentials
- Change the DNS settings, which are usually located in Connection settings / Advanced / DNS server
- If a secondary fallback DNS address is required, use Cloudflare address 184.108.40.206 without TLS
Option 2: Client, one by one
You have to configure each machine connected to your router to use the Docker host as their DNS server.
Connect other Docker containers by specifying the DNS to be 127.0.0.1
- Use the argument
Or modify your docker-compose.yml by adding the following to your container description:
dns:
  - 127.0.0.1
- Open the control panel and follow the instructions shown on the screenshots below.
Enter the IP Address of your Docker host as the Preferred DNS server (192.168.1.210 in my case)
You can set the Cloudflare DNS server address 220.127.116.11 as an alternate DNS server although you might want to
leave this blank so that no domain name request is in plaintext.
When closing, Windows should try to identify any potential problems.
If everything is fine, you should see the following message:
Follow the instructions at https://support.apple.com/kb/PH25577
You probably know how to do that. Otherwise you can usually modify the first line of /etc/resolv.conf by changing the IP address
of your DNS server.
Block domains of your choice
- Create a file on your host
Enter the following to block Youtube and Facebook for example:
local-zone: "youtube.com" static
local-zone: "facebook.com" static
Launch the Docker container with:
docker run -it --rm -p 53:53/udp -v /yourpath/blocks.conf:/etc/unbound/blocks.conf qmcgaw/cloudflare-dns-server -vvv
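For longer block lists, blocks.conf can be generated from a plain list of domains instead of being typed by hand. The script below is an added example, not part of the image or its documentation; gen_blocks and domains.txt are hypothetical names. It rejects anything that is not a plain hostname, so a stray quote or space in the list cannot end up as an extra Unbound directive.

```shell
#!/bin/sh
# Added example (not from the original project).
# gen_blocks: hypothetical helper. Reads one domain per line on stdin and
# prints one Unbound local-zone line per valid, unique domain on stdout.
# Rejected entries are reported on stderr.
gen_blocks() {
    tr -d '\r' | tr '[:upper:]' '[:lower:]' | awk '
    {
        sub(/#.*/, "")                 # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "")    # trim surrounding whitespace
        sub(/\.$/, "")                 # drop a trailing root dot
        if ($0 == "") next

        # Hostname syntax only: letters, digits, hyphens, dots.
        ok = ($0 ~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/)
        # DNS limits: 253 characters per name, 63 per label.
        if (length($0) > 253) ok = 0
        n = split($0, label, "[.]")
        for (i = 1; i <= n; i++) if (length(label[i]) > 63) ok = 0

        if (!ok) {
            print "skipped invalid entry: " $0 > "/dev/stderr"
            next
        }
        # Emit each domain once, in first-seen order.
        if (!seen[$0]++) printf "local-zone: \"%s\" static\n", $0
    }'
}

# Constructed sample input. In practice:
#   gen_blocks < domains.txt > /yourpath/blocks.conf
gen_blocks <<'EOF'
YouTube.com
facebook.com.   # trailing dot and comment are stripped
youtube.com
example.org" static
EOF
```

The last sample line is skipped with a message on stderr; the first three produce the same two local-zone lines shown above.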