Pi-Hole with DNS-Over-HTTPS via Cloudflare

Reading Time: 2 minutes

I was using Pi-Hole on my local network for some time on a VirtualBox VM that I had set up but recently removed it from my network as it was acting up and causing another possible fail point on my network that I just didn’t feel like troubleshooting at the time.

However with the release of the new CloudFlare 1.1.1.1 DNS, I thought I would revisit my Pi-Hole setup, this time actually running it on one of the many RaspberryPi’s that I have sitting around collecting dust.

Setting up Pi-Hole on a RaspberryPi is very easy, and there are already lots of how-tos out there on doing just that, but simply put you run the following command on your already setup RaspberryPi

curl -sSL https://install.pi-hole.net | bash

1	curl -sSL https://install.pi-hole.net \| bash

Once you have configured the Pi-Hole software on your RaspberryPi then you can follow the next steps to get DNS-Over-HTTPS running with cloudflared.

*I found this information over at the following blog but thought I would mirror the RaspberryPi setup over here in case Ben ever removed the post/site.

wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
tar -xvzf cloudflared-stable-linux-arm.tgz
cp ./cloudflared /usr/local/bin
chmod +x /usr/local/bin/cloudflared
cloudflared -v

wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz

tar -xvzf cloudflared-stable-linux-arm.tgz

cp ./cloudflared /usr/local/bin

chmod +x /usr/local/bin/cloudflared

cloudflared -v

Now configure cloudflared to run every time that the RaspberryPi starts up. First add a user to the system

sudo useradd -s /usr/sbin/nologin -r -M cloudflared

1	sudo useradd -s /usr/sbin/nologin -r -M cloudflared

Next edit /etc/default/cloudflared and add the following to that file

# Commandline args for cloudflared
CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query

1 2	# Commandline args for cloudflared CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query

Then we will need to add the proper permissions to the cloudflared binary

sudo chown cloudflared:cloudflared /etc/default/cloudflared

1	sudo chown cloudflared:cloudflared /etc/default/cloudflared

Now you will need to create the systemd startup script by following block of settings to /lib/systemd/system/cloudflared.service

[Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target

[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflared
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target

[Unit]

Description=cloudflared DNS over HTTPS proxy

After=syslog.target network-online.target

[Service]

Type=simple

User=cloudflared

EnvironmentFile=/etc/default/cloudflared

ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS

Restart=on-failure

RestartSec=10

KillMode=process

[Install]

WantedBy=multi-user.target

Lastly make sure that the service is set up to run on startup, start it and lastly check the status of it

sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sudo systemctl status cloudflared

sudo systemctl enable cloudflared

sudo systemctl start cloudflared

sudo systemctl status cloudflared

Now that everything is working you will need to configure the system to accept the queries

First, create the following config file /etc/dnsmasq.d/50-cloudflared.conf which will contain the following information

server=127.0.0.1#5053

1	server=127.0.0.1#5053

And finally, you will need to comment out any other DNS servers that are visible within any files in /etc/dnsmasq.d/ as well as the following file /etc/pihole/setupVars.conf

Once all of these steps have been completed you now have Pi-Hole running on your RaspberryPi using DNS-Over-HTTPS. And as Ben had pointed out in his post you can verify that everything is working by visiting internet.nl DNSSEC test service.

Share this:

Like this: