
I was using Pi-Hole on my local network for some time on a VirtualBox VM that I had set up but recently removed it from my network as it was acting up and causing another possible fail point on my network that I just didn’t feel like troubleshooting at the time.
However, with the release of the new CloudFlare 1.1.1.1 DNS, I thought I would revisit my Pi-Hole setup, this time actually running it on one of the many RaspberryPis that I have sitting around collecting dust.
Setting up Pi-Hole on a RaspberryPi is very easy, and there are already lots of how-tos out there on doing just that, but simply put, you run the following command on a RaspberryPi that is already set up:
curl -sSL https://install.pi-hole.net | bash
Once you have configured the Pi-Hole software on your RaspberryPi then you can follow the next steps to get DNS-Over-HTTPS running with cloudflared.
*I found this information over at the following blog but thought I would mirror the RaspberryPi setup over here in case Ben ever removed the post/site.
wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
tar -xvzf cloudflared-stable-linux-arm.tgz
sudo cp ./cloudflared /usr/local/bin
sudo chmod +x /usr/local/bin/cloudflared
cloudflared -v
Now configure cloudflared to run every time that the RaspberryPi starts up. First add a user to the system
sudo useradd -s /usr/sbin/nologin -r -M cloudflared
Next edit /etc/default/cloudflared and add the following to that file
# Commandline args for cloudflared
CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query
Then give the cloudflared user ownership of that configuration file
sudo chown cloudflared:cloudflared /etc/default/cloudflared
Now you will need to create the systemd startup script by adding the following block of settings to /lib/systemd/system/cloudflared.service
[Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target

[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflared
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target
Lastly, make sure that the service is set up to run on startup, start it, and then check its status
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sudo systemctl status cloudflared
Now that everything is working you will need to configure the system to accept the queries
First, create the following config file /etc/dnsmasq.d/50-cloudflared.conf which will contain the following information
server=127.0.0.1#5053
And finally, you will need to comment out any other DNS servers that are visible within any files in /etc/dnsmasq.d/ as well as the following file /etc/pihole/setupVars.conf
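One way to check that last step, as an added example that is not from the original post or from Pi-Hole itself: the script lists every active upstream that is not the cloudflared listener, since any such entry lets queries leave the network as plain DNS. It assumes Pi-Hole stores its upstreams as PIHOLE_DNS_<n>= keys in setupVars.conf; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): report active upstream DNS
# entries that would bypass the cloudflared DoH proxy configured above.
# Assumption: Pi-Hole stores its upstreams as PIHOLE_DNS_<n>= keys in
# setupVars.conf; adjust the pattern if your version differs.

DOH_PROXY='127.0.0.1#5053'   # value written to 50-cloudflared.conf

# Print "<file>: <line>" for every uncommented upstream that is not the proxy.
# Domain-specific entries (server=/name/addr) are reported as well, because
# queries for those names would also leave the Pi unencrypted.
find_bypass_upstreams() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Keep only active server= lines; commented lines never match.
        sed -n 's/^[[:space:]]*\(server=[^[:space:]]*\).*$/\1/p' "$f" |
        while IFS= read -r line; do
            [ "${line#server=}" = "$DOH_PROXY" ] || printf '%s: %s\n' "$f" "$line"
        done
    done
    [ -f "$2" ] || return 0
    grep -E '^PIHOLE_DNS_[0-9]+=' "$2" |
    while IFS= read -r line; do
        [ "${line#*=}" = "$DOH_PROXY" ] || printf '%s: %s\n' "$2" "$line"
    done
}

# Return 0 when only the DoH proxy is configured, 1 (listing findings) otherwise.
doh_only() {
    findings=$(find_bypass_upstreams "$1" "$2")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Check the paths named in the post unless others are given as arguments.
if doh_only "${1:-/etc/dnsmasq.d}" "${2:-/etc/pihole/setupVars.conf}"; then
    echo "OK: every configured upstream is $DOH_PROXY"
else
    echo "Found upstreams that bypass the DoH proxy (listed above)"
fi
```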
Once all of these steps have been completed you now have Pi-Hole running on your RaspberryPi using DNS-Over-HTTPS. And as Ben had pointed out in his post you can verify that everything is working by visiting internet.nl DNSSEC test service.