Setting Up Pi-hole with Cloudflared for Secure DNS Over HTTPS on Proxmox

  • Post last modified: November 14, 2024

Introduction to Pi-hole with Cloudflared DNS Over HTTPS on Proxmox

In today’s internet landscape, privacy and security are paramount. One effective way to enhance both is by using Pi-hole as a network-wide ad blocker combined with Cloudflared to route DNS queries through DNS over HTTPS (DoH). This guide walks through setting up Pi-hole with Cloudflared on a Proxmox LXC container, providing secure, encrypted DNS for your entire network.

Why Use Pi-hole with Cloudflared DNS Over HTTPS?

Pi-hole is a DNS-based ad blocker that filters ads and trackers at the network level, blocking them before they reach your devices. Adding Cloudflared enables DNS over HTTPS, so the queries Pi-hole forwards to its upstream resolver are encrypted and harder for third parties to intercept. Queries from your devices to Pi-hole itself still travel as plain DNS on your local network. With suitable blocklists, this setup improves privacy and keeps common ad, tracking, and malware domains from resolving on any device connected to your network.

Requirements for Setting Up Pi-hole with Cloudflared on Proxmox

  • A server running Proxmox (or another virtualized environment)
  • An LXC container with Debian 12 (Bookworm) installed
  • Basic knowledge of command-line operations

Step 1: Set Up the Proxmox LXC Container with Debian 12 for Pi-hole

To get started, create an LXC container on Proxmox running Debian 12. Allocate a minimum of 512MB RAM and 2GB storage. Assign a static IP for ease of access. Once the container is set up, log in to the container’s console and proceed with the installation steps below.

Step 2: Install Pi-hole on Proxmox

To install Pi-hole, start by updating your system:

apt update && apt upgrade -y

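Next, download and run the Pi-hole installation script. Piping it straight into bash executes the script as root without review; if you want to inspect it first, save it to a file, read it, and then run it: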

curl -sSL https://install.pi-hole.net | bash

During the setup, Pi-hole will prompt you to select an upstream DNS provider. For now, choose any provider (e.g., Google, Cloudflare), as we’ll later configure Pi-hole to route DNS through Cloudflared.

Step 3: Install Cloudflared for DNS Over HTTPS

Cloudflared will handle DNS over HTTPS for Pi-hole, encrypting your DNS queries. Follow these steps to install and configure it:

    1. Download and add the Cloudflared repository key (the -f flag makes curl fail on an HTTP error instead of saving an error page as the key):
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
    2. Add the Cloudflared repository:
echo "deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared bookworm main" | sudo tee /etc/apt/sources.list.d/cloudflared.list
    3. Install Cloudflared:
sudo apt update && sudo apt install cloudflared -y

Step 4: Configure Cloudflared for DNS Over HTTPS

With Cloudflared installed, configure it to route DNS queries over HTTPS:

    1. Create a configuration file for Cloudflared:
sudo mkdir -p /etc/cloudflared
sudo nano /etc/cloudflared/config.yml
    2. Add the following configuration to config.yml:
proxy-dns: true
proxy-dns-port: 5053
proxy-dns-upstream:
  - https://1.1.1.1/dns-query
  - https://1.0.0.1/dns-query
    3. Save and exit the file.

Step 5: Create a Systemd Service for Cloudflared on Proxmox

To ensure Cloudflared starts automatically on boot, create a systemd service file:

sudo nano /etc/systemd/system/cloudflared.service

Add the following content to the service file:

[Unit]
Description=Cloudflare DNS over HTTPS Proxy
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/cloudflared --config /etc/cloudflared/config.yml
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

After saving the file, reload systemd and start the Cloudflared service:

sudo systemctl daemon-reload
sudo systemctl enable cloudflared
sudo systemctl start cloudflared

Step 6: Configure Pi-hole to Use Cloudflared DNS on Proxmox

Now that Cloudflared is set up, configure Pi-hole to use it as the DNS provider:

  1. Access the Pi-hole admin interface by visiting http://[your-pi-hole-ip]/admin in a browser.
  2. Navigate to Settings > DNS.
  3. In the “Upstream DNS Servers” section, add 127.0.0.1#5053 as a custom DNS server. Deselect any other DNS providers if you want Pi-hole to exclusively use Cloudflared.

Step 7: Verify Pi-hole and Cloudflared DNS Over HTTPS on Proxmox

To ensure everything is working correctly, you can use the dig command:

dig google.com @127.0.0.1 -p 5053

You should see a response indicating successful resolution through Cloudflared. Additionally, you can monitor Pi-hole’s query logs to confirm that queries are routed through 127.0.0.1#5053.
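
To make the Step 7 check concrete, the following added example (not part of the original guide) parses dig output and accepts it only when the reply is NOERROR, carries at least one answer, and was served by 127.0.0.1#5053. The function names and the --live switch are assumptions of this example, and sample_reply emits constructed dig lines so the logic can be exercised offline.

```shell
#!/bin/sh
# Added example, not from the original guide: judge the Step 7 dig result.
EXPECTED_SERVER='127.0.0.1#5053'   # cloudflared listener (proxy-dns-port: 5053)

# Reads complete dig output on stdin. Returns 0 only when the reply is
# NOERROR, has at least one answer, and came from EXPECTED_SERVER.
check_dig_output() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
    server=$(printf '%s\n' "$out" | sed -n 's/^;; SERVER: \([^(]*\)(.*/\1/p' | head -n 1)
    if [ -z "$status" ]; then
        echo "FAIL: no DNS reply (is cloudflared running and listening?)"; return 1
    fi
    if [ "$server" != "$EXPECTED_SERVER" ]; then
        echo "FAIL: reply came from '$server', not $EXPECTED_SERVER"; return 1
    fi
    if [ "$status" != "NOERROR" ]; then
        echo "FAIL: status $status (check the cloudflared service logs)"; return 1
    fi
    if [ "${answers:-0}" -lt 1 ]; then
        echo "FAIL: NOERROR but no answer records"; return 1
    fi
    echo "OK: $answers answer(s) from $server"
}

# Constructed sample: emits only the dig lines the checker reads.
sample_reply() {   # usage: sample_reply STATUS ANSWER_COUNT SERVER
    cat <<EOF
;; ->>HEADER<<- opcode: QUERY, status: $1, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: $2, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: $3(127.0.0.1) (UDP)
EOF
}

# Live check against the local cloudflared listener (same query as Step 7).
verify_live() { dig google.com @127.0.0.1 -p 5053 | check_dig_output; }

case "${1:-}" in
    --live) verify_live ;;
    *)  # Offline demonstration on constructed replies.
        sample_reply NOERROR 1 '127.0.0.1#5053' | check_dig_output
        sample_reply SERVFAIL 0 '127.0.0.1#5053' | check_dig_output || true
        # -p 5053 omitted: Pi-hole on port 53 answered, not cloudflared.
        sample_reply NOERROR 1 '127.0.0.1#53' | check_dig_output || true ;;
esac
```

Run the script with --live inside the container to test the real listener; the third constructed case shows why a successful answer alone does not prove the query went through Cloudflared.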

Optional: Additional Configurations for Enhanced Privacy

For added privacy, consider enabling DNSSEC in the Pi-hole settings under Advanced DNS settings. DNSSEC adds an extra layer of security by verifying the authenticity of DNS responses. It complements Cloudflared’s DoH, which protects queries in transit and provides substantial privacy benefits on its own.

Conclusion

Setting up Pi-hole with Cloudflared DNS over HTTPS in a Proxmox LXC container is a powerful way to block ads, enhance privacy, and ensure secure DNS queries across your network. This guide provides a comprehensive setup for anyone looking to achieve better control over their network’s security and privacy without sacrificing usability. Happy browsing!
