Pi-Hole with DNS-Over-HTTPS via Cloudflare

I was using Pi-Hole on my local network for some time on a VirtualBox VM that I had set up but recently removed it from my network as it was acting up and causing another possible fail point on my network that I just didn’t feel like troubleshooting at the time.

However, with the release of the new CloudFlare DNS, I thought I would revisit my Pi-Hole setup, this time actually running it on one of the many RaspberryPis that I have sitting around collecting dust.

Setting up Pi-Hole on a RaspberryPi is very easy, and there are already lots of how-tos out there on doing just that, but simply put, you run the following command on your already set-up RaspberryPi

Once you have configured the Pi-Hole software on your RaspberryPi then you can follow the next steps to get DNS-Over-HTTPS running with cloudflared.

*I found this information over at the following blog but thought I would mirror the RaspberryPi setup over here in case Ben ever removed the post/site.

Now configure cloudflared to run every time that the RaspberryPi starts up. First add a user to the system

Next edit /etc/default/cloudflared and add the following to that file

Then we will need to add the proper permissions to the cloudflared binary

Now you will need to create the systemd startup script by adding the following block of settings to /lib/systemd/system/cloudflared.service

Lastly, make sure that the service is set up to run on startup, start it, and then check its status

Now that everything is working you will need to configure the system to accept the queries

First, create the following config file /etc/dnsmasq.d/50-cloudflared.conf which will contain the following information

And finally, you will need to comment out any other DNS servers that are visible within any files in /etc/dnsmasq.d/ as well as the following file /etc/pihole/setupVars.conf
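Any upstream left active in those files still sends queries over plain DNS, so it is worth checking mechanically. The script below is an added example, not from the original post: it lists every uncommented dnsmasq `server=` line and Pi-hole `PIHOLE_DNS_n` entry that does not point at the local cloudflared listener. The `LOCAL_UPSTREAM` value, the function names and the sample files are assumptions for illustration; set `LOCAL_UPSTREAM` to whatever your 50-cloudflared.conf contains.

```shell
#!/bin/sh
# Added example (not from the original post): report active upstream DNS
# entries that would bypass the local cloudflared proxy.
# ASSUMPTION: LOCAL_UPSTREAM must match the server= value in your own
# /etc/dnsmasq.d/50-cloudflared.conf; 127.0.0.1#5053 is only a placeholder.
LOCAL_UPSTREAM="${LOCAL_UPSTREAM:-127.0.0.1#5053}"

# find_stray_upstreams DNSMASQ_DIR SETUPVARS
# Prints "file: line" for every uncommented upstream other than LOCAL_UPSTREAM.
find_stray_upstreams() {
    for fsu_file in "$1"/*.conf; do
        [ -f "$fsu_file" ] || continue
        awk -v up="$LOCAL_UPSTREAM" -v f="$fsu_file" '
            /^[ \t]*#/ { next }                     # commented out: ignore
            /^[ \t]*server=/ {
                val = $0
                sub(/^[ \t]*server=/, "", val)
                sub(/[ \t]+$/, "", val)
                n = split(val, part, "/")           # server=/domain/addr form
                addr = part[n]
                # empty addr (server=/domain/) means "never forward": no leak
                if (addr != "" && addr != up) print f ": " $0
            }' "$fsu_file"
    done
    [ -f "$2" ] || return 0
    awk -F= -v up="$LOCAL_UPSTREAM" -v f="$2" '
        /^PIHOLE_DNS_[0-9]+=/ && $2 != up { print f ": " $0 }' "$2"
}

# make_sample DIR: write constructed sample files (not real configs) into DIR.
make_sample() {
    mkdir -p "$1/dnsmasq.d"
    printf '%s\n' 'server=8.8.8.8' '#server=8.8.4.4' 'server=/lan/' \
        > "$1/dnsmasq.d/01-pihole.conf"
    printf '%s\n' 'server=127.0.0.1#5053' > "$1/dnsmasq.d/50-cloudflared.conf"
    printf '%s\n' '#PIHOLE_DNS_1=8.8.8.8' 'PIHOLE_DNS_2=1.1.1.1' \
        'PIHOLE_DNS_3=127.0.0.1#5053' > "$1/setupVars.conf"
}

# Real use: sh check.sh /etc/dnsmasq.d /etc/pihole/setupVars.conf
if [ "$#" -eq 2 ]; then
    stray=$(find_stray_upstreams "$1" "$2")
    [ -z "$stray" ] && exit 0
    printf '%s\n' "$stray"
    exit 1
fi
```

Run with the two paths as arguments, it exits non-zero and prints the offending lines while any stray upstream remains.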

Once all of these steps have been completed, you have Pi-Hole running on your RaspberryPi using DNS-Over-HTTPS. And as Ben had pointed out in his post, you can verify that everything is working by visiting the internet.nl DNSSEC test service.