I was using Pi-Hole on my local network for some time on a VirtualBox VM that I had set up but recently removed it from my network as it was acting up and causing another possible fail point on my network that I just didn’t feel like troubleshooting at the time.
However with the release of the new CloudFlare 1.1.1.1 DNS, I thought I would revisit my Pi-Hole setup, this time actually running it on one of the many RaspberryPi’s that I have sitting around collecting dust.
Setting up Pi-Hole on a RaspberryPi is very easy, and there are already lots of how-tos out there on doing just that, but simply put you run the following command on your already setup RaspberryPi
| 1 | curl -sSL https://install.pi-hole.net | bash |
Once you have configured the Pi-Hole software on your RaspberryPi then you can follow the next steps to get DNS-Over-HTTPS running with cloudflared.
*I found this information over at the following blog but thought I would mirror the RaspberryPi setup over here in case Ben ever removed the post/site.
| 1 2 3 4 5 | wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz tar -xvzf cloudflared-stable-linux-arm.tgz cp ./cloudflared /usr/local/bin chmod +x /usr/local/bin/cloudflared cloudflared -v |
Now configure cloudflared to run every time that the RaspberryPi starts up. First add a user to the system
| 1 | sudo useradd -s /usr/sbin/nologin -r -M cloudflared |
Next edit /etc/default/cloudflared and add the following to that file
| 1 2 | # Commandline args for cloudflared CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query |
Then we will need to add the proper permissions to the cloudflared binary
| 1 | sudo chown cloudflared:cloudflared /etc/default/cloudflared |
Now you will need to create the systemd startup script by following block of settings to /lib/systemd/system/cloudflared.service
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | [Unit] Description=cloudflared DNS over HTTPS proxy After=syslog.target network-online.target [Service] Type=simple User=cloudflared EnvironmentFile=/etc/default/cloudflared ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS Restart=on-failure RestartSec=10 KillMode=process [Install] WantedBy=multi-user.target |
Lastly make sure that the service is set up to run on startup, start it and lastly check the status of it
| 1 2 3 | sudo systemctl enable cloudflared sudo systemctl start cloudflared sudo systemctl status cloudflared |
Now that everything is working you will need to configure the system to accept the queries
First, create the following config file /etc/dnsmasq.d/50-cloudflared.conf which will contain the following information
| 1 | server=127.0.0.1#5053 |
And finally, you will need to comment out any other DNS servers that are visible within any files in /etc/dnsmasq.d/ as well as the following file /etc/pihole/setupVars.conf
Once all of these steps have been completed you now have Pi-Hole running on your RaspberryPi using DNS-Over-HTTPS. And as Ben had pointed out in his post you can verify that everything is working by visiting internet.nl DNSSEC test service.