Pi-Hole with DNS-Over-HTTPS via Cloudflare

RaspberryPi Logo

I was using Pi-Hole on my local network for some time on a VirtualBox VM that I had set up but recently removed it from my network as it was acting up and causing another possible fail point on my network that I just didn’t feel like troubleshooting at the time.

However with the release of the new CloudFlare DNS, I thought I would revisit my Pi-Hole setup, this time actually running it on one of the many RaspberryPi’s that I have sitting around collecting dust.

Setting up Pi-Hole on a RaspberryPi is very easy, and there are already lots of how-tos out there on doing just that, but simply put you run the following command on your already setup RaspberryPi

curl -sSL https://install.pi-hole.net | bash

Once you have configured the Pi-Hole software on your RaspberryPi then you can follow the next steps to get DNS-Over-HTTPS running with cloudflared.

*I found this information over at the following blog but thought I would mirror the RaspberryPi setup over here in case Ben ever removed the post/site.

wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
tar -xvzf cloudflared-stable-linux-arm.tgz
cp ./cloudflared /usr/local/bin
chmod +x /usr/local/bin/cloudflared
cloudflared -v

Now configure cloudflared to run every time that the RaspberryPi starts up. First add a user to the system

sudo useradd -s /usr/sbin/nologin -r -M cloudflared

Next edit /etc/default/cloudflared and add the following to that file

# Commandline args for cloudflared
CLOUDFLARED_OPTS=--port 5053 --upstream

Then we will need to add the proper permissions to the cloudflared binary

sudo chown cloudflared:cloudflared /etc/default/cloudflared

Now you will need to create the systemd startup script by following block of settings to /lib/systemd/system/cloudflared.service

Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target

ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS


Lastly make sure that the service is set up to run on startup, start it and lastly check the status of it

sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sudo systemctl status cloudflared

Now that everything is working you will need to configure the system to accept the queries

First, create the following config file /etc/dnsmasq.d/50-cloudflared.conf which will contain the following information


And finally, you will need to comment out any other DNS servers that are visible within any files in /etc/dnsmasq.d/ as well as the following file /etc/pihole/setupVars.conf

Once all of these steps have been completed you now have Pi-Hole running on your RaspberryPi using DNS-Over-HTTPS. And as Ben had pointed out in his post you can verify that everything is working by visiting internet.nl DNSSEC test service.