
Last pushed: 5 days ago
Short Description
DNS connected to Cloudflare DNS over TLS
Full Description

Cloudflare DNS over TLS Docker container

Docker container running a DNS server that uses Cloudflare DNS over TLS (IPv4 only), with a built-in healthcheck and blocking of malicious websites.

Download size | Image size | RAM usage | CPU usage
5MB           | 12.2MB     | 6MB       | Very Low

It is based on:

You can also block domains of your choice, see the Extra section

Diagrams are shown for router and client-by-client configurations in the Connect clients to it section

Testing it

docker run -it --rm -p 53:53/udp --dns= -e VERBOSITY=4 qmcgaw/cloudflare-dns-server -v -v
  • The DNS is set to for the healthcheck to be relevant (which tries to wget using Unbound)
  • The VERBOSITY variable goes from 0 (no log) to 5 (full debug log), and defaults to 1. See the unbound conf documentation.
  • The arguments passed to unbound are -v -v, which increase verbosity. See the unbound documentation.

You can check the verbose output with:

docker logs -f cloudflare-dns-tls

See the Connect clients to it section to finish testing.

Run it as a daemon

docker run -d --name=cloudflare-dns-tls -p 53:53/udp --dns= qmcgaw/cloudflare-dns-server -v

You can also download and use docker-compose.yml

Connect clients to it

Option 1: Router (recommended)

All machines connected to your router will use the encrypted DNS by default

Configure your router to use the LAN IP address of your Docker host as its primary DNS address.

  • Access your router page, usually at and login with your credentials
  • Change the DNS settings, which are usually located in Connection settings / Advanced / DNS server
  • If a secondary fallback DNS address is required, use Cloudflare address without TLS

Option 2: Client, one by one

You have to configure each machine connected to your router to use the Docker host as their DNS server.

Docker containers

Connect other Docker containers by specifying the DNS to be

  • Use the argument --dns= with the docker run command
  • Or modify your docker-compose.yml by adding the following to your container description:



  1. Open the control panel and follow the instructions shown on the screenshots below.

Enter the IP Address of your Docker host as the Preferred DNS server ( in my case)
You can set the Cloudflare DNS server address as an alternate DNS server, although you might want to
leave this blank so that no domain name request is sent in plaintext.

When closing, Windows should try to identify any potential problems.
If everything is fine, you should see the following message:

Mac OS

Follow the instructions at


You probably know how to do that. Otherwise you can usually modify the first line of /etc/resolv.conf by changing the IP address
of your DNS server.


See this


See this


Block domains of your choice

  1. Create a file on your host /yourpath/blocks.conf
  2. Enter the following to block Youtube and Facebook for example:

     local-zone: "" static
     local-zone: "" static
  3. Launch the Docker container with:

     docker run -it --rm -p 53:53/udp -v /yourpath/blocks.conf:/etc/unbound/blocks.conf qmcgaw/cloudflare-dns-server -vvv
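
An added example (not part of the original README or the project's own code): a shell function that turns a plain list of domains into the local-zone lines used in step 2, rejecting anything that is not a valid hostname so that a stray quote or space cannot alter the Unbound configuration. The function names and the sample domains are constructed for illustration.

```shell
#!/bin/sh
# Added example: build blocks.conf content from a plain list of domains.
# Names (gen_blocks, sample_domains) and the sample domains are constructed.

# Reads one domain per line on stdin; writes one local-zone line per unique,
# valid domain on stdout and reports rejected entries on stderr.
gen_blocks() {
    tr 'A-Z' 'a-z' |
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.$//' |
    awk '
        # A valid entry is dot-separated letter/digit/hyphen labels (at least
        # two), each at most 63 characters, at most 253 characters in total.
        function valid(d,   n, i, p) {
            if (length(d) > 253) return 0
            if (d !~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?$/) return 0
            n = split(d, p, ".")
            for (i = 1; i <= n; i++) if (length(p[i]) > 63) return 0
            return 1
        }
        $0 == "" { next }                      # blank line or comment only
        !valid($0) { print "rejected: " $0 | "cat 1>&2"; next }
        !seen[$0]++ { printf "local-zone: \"%s\" static\n", $0 }
    '
}

# Constructed sample input, including entries that must not reach the config.
sample_domains() {
    cat <<'EOF'
# constructed sample list
Ads.Example.com
tracker.example.net.   # trailing dot and comment
ads.example.com
bad.example" static
-bad-.example.org
EOF
}

# Usage: gen_blocks < domains.txt > /yourpath/blocks.conf
sample_domains | gen_blocks
```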