
Binding to both IPv6 and IPv4 at same time and IPv6 upstream support

Open Night1 opened this issue 6 years ago • 6 comments

Hey.

I'm trying to bind to both IPv6 and IPv4 at the same time, but can only get one at a time to work for a DoH proxy that is connected from pihole.

For IPv4:

CLOUDFLARED_OPTS= --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

For IPv6:

CLOUDFLARED_OPTS= --address ::1 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

Tried both

CLOUDFLARED_OPTS= --address ::1 127.0.0.1 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

and

CLOUDFLARED_OPTS= --address ::1 --address 127.0.0.1 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

None of them work. Is there some other config that will do this? Normally ::1 should cover both, but in this case when I do a dig @::1 -p 5053 it works but not dig @127.0.0.1 -p 5053; only IPv6 gives a response.

Using cloudflared version 2019.11.0 (built 2019-11-07-1631 UTC)

Workaround is to start two instances of cloudflared, one for each protocol.

Night1 avatar Nov 18 '19 04:11 Night1

@Night1 Amazing that after all this time this isn't documented but I run dual ipv6 and ipv4 using

--proxy-dns-address="::1"

I believe the following should work:

CLOUDFLARED_OPTS= --proxy-dns-address=::1 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

My comment https://github.com/cloudflare/cloudflared/issues/73#issuecomment-462542558 points to the original source. I guess I should create a documentation PR.

moderation avatar Nov 18 '19 04:11 moderation

--proxy-dns-address="::1"

Hmm, tested it. It looked like it worked for a while, but I looked closer and it turned out I still have to run it dual stack by having two instances running, one for v4 and one for v6.

> @pi:/etc/default# cloudflared proxy-dns --port 5053 --address "::1" -upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
> INFO[0000] Adding DNS upstream                           url="https://1.1.1.1/dns-query"
> INFO[0000] Adding DNS upstream                           url="https://1.0.0.1/dns-query"
> INFO[0000] Starting metrics server                       addr="127.0.0.1:44277"
> INFO[0000] Starting DNS over HTTPS proxy server          addr="dns://[::1]:5053"

Night1 avatar Nov 18 '19 10:11 Night1

Joining proxy-dns-address is invalid :) "proxy dns" is the operator, while --address is an option for proxy-dns. However, you did give me the hints needed. To get it working on both v4 and v6, it was not "::1" but "::".

cloudflared proxy-dns --port 5053 --address :: -upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

Thank you.

pi:/home/pi# cloudflared proxy-dns --port 5053 --address "::" -upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
INFO[0000] Adding DNS upstream                           url="https://1.1.1.1/dns-query"
INFO[0000] Adding DNS upstream                           url="https://1.0.0.1/dns-query"
INFO[0000] Starting metrics server                       addr="127.0.0.1:40629"
INFO[0000] Starting DNS over HTTPS proxy server          addr="dns://[::]:5053"

Adding IPv6 to upstream results in:

pi:/home/pi# cloudflared proxy-dns --port 5053 --address "::" --upstream https://[2606:4700:4700::1111]/dns-query
INFO[0000] Adding DNS upstream                           url="https://[2606:4700:4700::1111]/dns-query"
INFO[0000] Starting metrics server                       addr="127.0.0.1:43363"
INFO[0000] Starting DNS over HTTPS proxy server          addr="dns://[::]:5053"
ERRO[0003] failed to connect to an HTTPS backend "https://[2606:4700:4700::1111]/dns-query"  error="returned status code 403"
ERRO[0003] failed to connect to an HTTPS backend "https://[2606:4700:4700::1111]/dns-query"  error="returned status code 403"

So cloudflare is blocking lookups over IPv6 for DoH.

Night1 avatar Nov 18 '19 21:11 Night1
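The difference between `--address ::1` and `--address ::` reported above can be reproduced with plain sockets. The following is an added example, not part of the thread and not cloudflared code: it uses Go's standard `net` package (Go is the language cloudflared is written in) to bind a UDP echo listener to each address and check which loopback family reaches it. The names `probe`, `answers` and `Reach` are made up for this sketch, and the port is chosen by the OS.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// Reach: which loopback families got an answer, and whether the bind is the wildcard.
type Reach struct{ V4, V6, Wildcard bool }

// probe binds a UDP echo listener on host and tests 127.0.0.1 and ::1 against its port.
func probe(host string) (Reach, error) {
	pc, err := net.ListenPacket("udp", net.JoinHostPort(host, "0"))
	if err != nil {
		return Reach{}, err
	}
	defer pc.Close()
	go func() { // echo until the socket is closed
		buf := make([]byte, 64)
		for n, from, err := pc.ReadFrom(buf); err == nil; n, from, err = pc.ReadFrom(buf) {
			pc.WriteTo(buf[:n], from)
		}
	}()
	local := pc.LocalAddr().(*net.UDPAddr)
	port := fmt.Sprint(local.Port)
	// "::" is the unspecified address: every interface, not only loopback.
	return Reach{V4: answers("127.0.0.1", port), V6: answers("::1", port), Wildcard: local.IP.IsUnspecified()}, nil
}

// answers reports whether a datagram sent to host:port is echoed back.
func answers(host, port string) bool {
	c, err := net.DialTimeout("udp", net.JoinHostPort(host, port), time.Second)
	if err != nil {
		return false
	}
	defer c.Close()
	c.SetDeadline(time.Now().Add(500 * time.Millisecond))
	c.Write([]byte("ping"))
	buf := make([]byte, 8)
	n, err := c.Read(buf)
	return err == nil && string(buf[:n]) == "ping"
}

func main() {
	for _, h := range []string{"127.0.0.1", "::1", "::"} {
		r, err := probe(h)
		fmt.Println("bind", h, "->", r, err)
	}
}
```

A listener on `::1` is reachable only over IPv6 loopback, while `::` answers both families because it is the wildcard address on a dual-stack socket, which also means the port listens on every interface rather than just loopback.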

@Night1 Did you get it working finally? Is DNS lookup on IPv6 still not supported by Cloudflare?

For context, I tried:

cloudflared proxy-dns --address :: --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query --upstream https://[2606:4700:4700::1111]/dns-query --upstream https://[2606:4700:4700::1001]/dns-query

The log I get:

Mar 11 20:52:30 raspberrypi systemd[1]: Started cloudflared DNS over HTTPS proxy.
Mar 11 20:52:30 raspberrypi cloudflared[6449]: 2023-03-11T20:52:30Z INF Adding DNS upstream url=https://1.1.1.1/dns-query
Mar 11 20:52:30 raspberrypi cloudflared[6449]: 2023-03-11T20:52:30Z INF Adding DNS upstream url=https://1.0.0.1/dns-query
Mar 11 20:52:30 raspberrypi cloudflared[6449]: 2023-03-11T20:52:30Z INF Adding DNS upstream url=https://[2606:4700:4700::1111]/dns-query
Mar 11 20:52:30 raspberrypi cloudflared[6449]: 2023-03-11T20:52:30Z INF Starting metrics server on 127.0.0.1:37517/metrics
Mar 11 20:52:30 raspberrypi cloudflared[6449]: 2023-03-11T20:52:30Z INF Adding DNS upstream url=https://[2606:4700:4700::1001]/dns-query
Mar 11 20:52:30 raspberrypi cloudflared[6449]: 2023-03-11T20:52:30Z INF Starting DNS over HTTPS proxy server address=dns://[::]:5053

However, when visiting https://1.1.1.1/help, I still get:

Connectivity to Resolver IP Addresses
1.1.1.1 Yes
1.0.0.1 Yes
2606:4700:4700::1111 No
2606:4700:4700::1001 No

aldo-roman avatar Mar 11 '23 20:03 aldo-roman

I moved ISP; the new ISP does give me 2.5 gigabit internet but not IPv6... Anyways, with AdGuard Home you can set up DoH + DoT natively.

Night1 avatar Aug 10 '23 18:08 Night1

related https://github.com/cloudflare/cloudflared/issues/1141

rturk avatar May 05 '24 01:05 rturk