cloudflare / cloudflared

Cloudflare Tunnel client (formerly Argo Tunnel)
https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide
Apache License 2.0

Specify DNS resolver host:port when running tunnel #1229

Open ikhwanperwira opened 2 months ago

ikhwanperwira commented 2 months ago

Describe the feature you'd like

I expect there to be a --dns-resolver flag.

cloudflared --dns-resolver=127.0.0.1:10053 tunnel --hello-world

Describe alternatives you've considered

There is one, but it has too much overhead: I need to run the cloudflared binary in an emulator such as QEMU, where I forward traffic from port 53 in the guest to port 10053 on the host.

Additional context

I noticed that the binary, especially the Linux-based one, was trying to read the local DNS resolver, which is [::1]:53. But there is no local DNS resolver on Android (arm64). I have no root access on my phone to create a local DNS server on port 53; as we know, the port range (0-1024) is reserved and only root can listen on it, and I don't have root access. I expect cloudflared to be more user-space friendly instead of needing kernel-space access permission.

As you can see in this log, I get an error where it tried to read port 53.

~/cf $ ./cloudflared-linux-arm64 --edge-bind-address=198.41.200.63 tunnel --hello-world
2024-04-08T06:25:57Z INF Thank you for trying Cloudflare Tunnel. Doing so, without a Cloudflare account, is a quick way to experiment and try it out. However, be aware that these account-less Tunnels have no uptime guarantee. If you intend to use Tunnels in production you should use a pre-created named tunnel by following: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps
2024-04-08T06:25:57Z INF Requesting new quick Tunnel on trycloudflare.com...
failed to request quick Tunnel: Post "https://api.trycloudflare.com/tunnel": dial tcp: lookup api.trycloudflare.com on [::1]:53: read udp [::1]:43308->[::1]:53: read: connection refused

I also thought binding a specific edge address would resolve this issue, yet it still needs a DNS resolver on port 53.

Therefore I expect I can just do this (add a --dns-resolver flag):

./cloudflared-linux-arm64 --dns-resolver=127.0.0.1:10053 tunnel --hello-world

That way I can set up my DNS server on a user-space port, which is 10053, instead of a kernel-space port that requires root privilege (port 53).

divyam234 commented 1 month ago

@ikhwanperwira just fork the repo and add a custom DNS resolver in the HTTP client at https://github.com/cloudflare/cloudflared/blob/f27418044ba359a17995166034d900c11aa50008/cmd/cloudflared/tunnel/quick_tunnel.go#L30. I had the same issue. I'm not sure these people will make the change in the main repo, and would not even see this.
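The custom-resolver idea from the comment above, as an added example that is not code from cloudflared or from either commenter: a Go `http.Client` whose hostname lookups go to a resolver at a chosen host:port instead of the system default on port 53. The names `newResolver` and `newHTTPClient` are hypothetical; 127.0.0.1:10053 is the address used in the issue.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"os"
	"time"
)

// newResolver returns a pure-Go resolver that sends every DNS query to
// resolverAddr (host:port), ignoring the server address the runtime picked.
func newResolver(resolverAddr string) *net.Resolver {
	return &net.Resolver{
		PreferGo: true, // the Dial hook is only used by the Go resolver
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			d := net.Dialer{Timeout: 5 * time.Second}
			return d.DialContext(ctx, network, resolverAddr) // keeps udp/tcp as requested
		},
	}
}

// newHTTPClient builds an http.Client whose outbound connections resolve
// hostnames through newResolver(resolverAddr).
func newHTTPClient(resolverAddr string) *http.Client {
	dialer := &net.Dialer{
		Timeout:  10 * time.Second,
		Resolver: newResolver(resolverAddr),
	}
	return &http.Client{
		Timeout:   15 * time.Second,
		Transport: &http.Transport{DialContext: dialer.DialContext},
	}
}

func main() {
	// Assumed usage: prog 127.0.0.1:10053 https://api.trycloudflare.com/
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: prog <resolver host:port> <url>")
		os.Exit(2)
	}
	resp, err := newHTTPClient(os.Args[1]).Get(os.Args[2])
	if err != nil {
		fmt.Fprintln(os.Stderr, "request failed:", err)
		os.Exit(1)
	}
	defer resp.Body.Close()
	fmt.Println("status:", resp.Status)
}
```

Whatever listens on the chosen port decides every name the client resolves, so it should be bound to loopback and forward to an upstream you trust.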