I was using Pi-Hole on my local network for some time on a VirtualBox VM that I had set up but recently removed it from my network as it was acting up and causing another possible fail point on my network that I just didn’t feel like troubleshooting at the time.
However, with the release of the new Cloudflare 220.127.116.11 DNS, I thought I would revisit my Pi-Hole setup, this time actually running it on one of the many Raspberry Pis that I have sitting around collecting dust.
curl -sSL https://install.pi-hole.net | bash
wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
tar -xvzf cloudflared-stable-linux-arm.tgz
sudo cp ./cloudflared /usr/local/bin
sudo chmod +x /usr/local/bin/cloudflared
cloudflared -v
sudo useradd -s /usr/sbin/nologin -r -M cloudflared
Next edit /etc/default/cloudflared and add the following to that file
# Commandline args for cloudflared
CLOUDFLARED_OPTS=--port 5053 --upstream https://18.104.22.168/dns-query
Then we will need to set the proper ownership on the cloudflared configuration file so that the cloudflared user owns it
sudo chown cloudflared:cloudflared /etc/default/cloudflared
Now you will need to create the systemd startup script by adding the following block of settings to /lib/systemd/system/cloudflared.service
[Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target

[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflared
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target
Lastly, make sure that the service is set up to run on startup, start it, and then check its status
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sudo systemctl status cloudflared
Now that everything is working you will need to configure the system to accept the queries
First, create the following config file /etc/dnsmasq.d/50-cloudflared.conf which will contain the following information
And finally, you will need to comment out any other DNS servers that are visible within any files in /etc/dnsmasq.d/ as well as the following file /etc/pihole/setupVars.conf
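To check that last step, here is an added example (not part of the original post) that lists every upstream entry still active in the dnsmasq.d directory and in setupVars.conf that would send queries somewhere other than the local cloudflared proxy. It assumes the proxy is reachable at 127.0.0.1#5053 (the loopback address is an assumption, the port is the one set above) and that setupVars.conf stores upstreams as PIHOLE_DNS_n keys; the function names and sample files are made up for the illustration.

```bash
#!/usr/bin/env bash
# Added example: find active upstream DNS entries that bypass the local
# cloudflared proxy. Assumption: the proxy is reachable at 127.0.0.1#5053.
LOCAL_PROXY='127.0.0.1#5053'

# Print "file: line" for each uncommented upstream that is not LOCAL_PROXY.
# $1 = dnsmasq.d directory, $2 = setupVars.conf
find_stray_upstreams() {
    local f
    for f in "$1"/*.conf "$2"; do
        [ -f "$f" ] || continue
        awk -v ok="$LOCAL_PROXY" -v f="$f" '
            /^[ \t]*#/ { next }                       # already commented out
            /^[ \t]*(server|PIHOLE_DNS_[0-9]+)=/ {
                val = $0
                sub(/^[^=]*=/, "", val)               # keep the text after the first "="
                gsub(/[ \t\r]+$/, "", val)            # drop trailing whitespace
                if (val != "" && val != ok) print f ": " $0
            }' "$f"
    done
}

# Constructed sample files (not taken from a real install).
write_sample() {
    mkdir -p "$1/dnsmasq.d"
    printf 'server=127.0.0.1#5053\n' > "$1/dnsmasq.d/50-cloudflared.conf"
    printf '#server=8.8.8.8\nserver=8.8.4.4\ninterface=eth0\n' > "$1/dnsmasq.d/01-pihole.conf"
    printf 'PIHOLE_INTERFACE=eth0\nPIHOLE_DNS_1=8.8.8.8\n#PIHOLE_DNS_2=8.8.4.4\n' > "$1/setupVars.conf"
}

# Demo on the constructed files: run the script with "demo" as its first argument.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    write_sample "$tmp"
    find_stray_upstreams "$tmp/dnsmasq.d" "$tmp/setupVars.conf"
    rm -rf "$tmp"
fi
```

On a real install, call find_stray_upstreams /etc/dnsmasq.d /etc/pihole/setupVars.conf; an empty result means every active upstream points at the proxy.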
Once all of these steps have been completed, you now have Pi-Hole running on your Raspberry Pi using DNS-over-HTTPS. And as Ben had pointed out in his post, you can verify that everything is working by visiting the internet.nl DNSSEC test service.