DNS-over-HTTPS on Pi-hole

Install cloudflared

cd ~
wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
mkdir argo-tunnel
tar -xvzf cloudflared-stable-linux-arm.tgz -C ./argo-tunnel
rm cloudflared-stable-linux-arm.tgz
cd argo-tunnel
./cloudflared --version

It should return something like: cloudflared version 2019.1.0 (built 2019-01-28-2335 UTC)


Filename: /etc/systemd/system/dnsproxy.service

Description=DNS over HTTPS Proxy
After=network.target network-online.target

ExecStart=/home/pi/argo-tunnel/cloudflared proxy-dns --port 54 --upstream https://doh.securedns.eu/dns-query --upstream https://dns.adguard.com/dns-query


Replace path of cloudflared binary if applicable. If you want, replace upstreams with ones you prefer.


sudo systemctl daemon-reload
sudo systemctl enable --now dnsproxy.service


dig www.google.com @ -p 54 +noall +answer

This should return something like this:

; <<>> DiG 9.10.3-P4-Raspbian <<>> www.google.com @ -p 54 +noall +answer
;; global options: +cmd
www.google.com.		626	IN	A

Add DNS Server IP addresses to /etc/hosts

Filename /etc/hosts:

# DNS-over-HTTPS dns.adguard.com  ads.securedns.eu ads-doh.securedns.eu

Replace them with your resolvers’ IP addresses & domains.

Set Pi-hole to use DNS-over-HTTPS

Go to http://pi.hole/admin/settings.php?tab=dns and set “Upstream DNS Servers” to Disable every other DNS upstream.

Further reading