Linux

This guide is made for Ubuntu/Debian based distros, if you are using another distro, some commands can be diffrent, but most of it should be the same.

If you are setting up something like Pi-hole on the system, then you will need to set another port, example: 8053

1.1.1.11.1.1.21.1.1.3

Install Cloudflare's Argo Tunnel:

wget "https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.deb"
dpkg -i cloudflared-stable-linux-amd64.deb
rm cloudflared-stable-linux-amd64.deb

Generate config files:

mkdir -p /usr/local/etc/cloudflared
cat << EOF > /usr/local/etc/cloudflared/config.yml
proxy-dns: true
proxy-dns-upstream:
 - https://cloudflare-dns.com/dns-query
proxy-dns-address: 127.0.0.1
proxy-dns-port: 53
EOF
echo "" > /usr/local/etc/cloudflared/cert.pem

Add the following to /etc/hosts:

1.1.1.1              cloudflare-dns.com
1.0.0.1              cloudflare-dns.com
2606:4700:4700::1111 cloudflare-dns.com
2606:4700:4700::1001 cloudflare-dns.com

Install Cloudflare's Argo Tunnel:

wget "https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.deb"
dpkg -i cloudflared-stable-linux-amd64.deb
rm cloudflared-stable-linux-amd64.deb

Generate config files:

mkdir -p /usr/local/etc/cloudflared
cat << EOF > /usr/local/etc/cloudflared/config.yml
proxy-dns: true
proxy-dns-upstream:
 - https://security.cloudflare-dns.com/dns-query
proxy-dns-address: 127.0.0.1
proxy-dns-port: 53
EOF
echo "" > /usr/local/etc/cloudflared/cert.pem

Add the following to /etc/hosts:

1.1.1.2              security.cloudflare-dns.com
1.0.0.2              security.cloudflare-dns.com
2606:4700:4700::1112 security.cloudflare-dns.com
2606:4700:4700::1002 security.cloudflare-dns.com

Install Cloudflare's Argo Tunnel:

wget "https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.deb"
dpkg -i cloudflared-stable-linux-amd64.deb
rm cloudflared-stable-linux-amd64.deb

Generate config files:

mkdir -p /usr/local/etc/cloudflared
cat << EOF > /usr/local/etc/cloudflared/config.yml
proxy-dns: true
proxy-dns-upstream:
 - https://family.cloudflare-dns.com/dns-query
proxy-dns-address: 127.0.0.1
proxy-dns-port: 53
EOF
echo "" > /usr/local/etc/cloudflared/cert.pem

Add the following to /etc/hosts:

1.1.1.3              family.cloudflare-dns.com
1.0.0.3              family.cloudflare-dns.com
2606:4700:4700::1113 family.cloudflare-dns.com
2606:4700:4700::1003 family.cloudflare-dns.com

And install cloudflared as a service, run it, and check that it runs:

cloudflared service install
systemctl start cloudflared
systemctl status cloudflared

Test if cloudflared is able to resolve hostname:

host -t AAAA cloudflare.com 127.0.0.1

If you are running on another port than 53 and you want to verify resvolving, you can install dnsutils:

apt-get install dnsutils
dig +short @127.0.0.1 -p 53 cloudflare.com AAAA

Add autoupdate by adding the following to cron with command crontab -e:

0 2 * * * cloudflared update; systemctl restart cloudflared

This will update cloudflared and restart cloudflared at 02:00 (2 AM) every night.