Got Cloudflare DoH working WITH Pi-hole! DNS over HTTPS

It does have to bypass unbound…but that is fine…because it is going directly to the Cloudflare 1.1.1.1 authoritative DNS servers

Using this method, installed cloudflared

Added --port 5336 to this line in the service script
ExecStart=/usr/local/bin/cloudflared proxy-dns --port 5336

Nice thing is Pi-hole is caching the hits just like before…no longer need unbound since it’s fully encrypted to Cloudflare DNS servers

Changed the upstream port in Pi-hole server to 127.0.0.1#5336 and blamo

Getting good hits in my Pi-hole logs as well

Further reading if interested:

Would there be any benefits besides tightening DNS security from choosing to use DoH over unbound? Lower memory usage but slower response time? Is this something that should be incorporated into DietPi?

We already offer a doc about how to activate DoT via Unbound: DNS Servers Options - DietPi.com Docs


There is also another doc directly from Pi-hole as well
https://docs.pi-hole.net/guides/dns/cloudflared/

TLS is a different protocol and port than the DoH…it is the same thing more or less…but utilizes the HTTPS port but thanks!!!
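
A check for the setup in the opening post, added here as an example and not taken from the thread or from the Pi-hole or DietPi docs: it confirms that the cloudflared proxy on port 5336 listens only on loopback, so only the local Pi-hole can use it as an upstream, and in live mode that 127.0.0.1#5336 actually answers. The function name `listener_scope`, the sample `ss` lines and the test name `example.com` are assumptions.

```shell
#!/bin/sh
PORT=5336   # port from the thread's ExecStart line

# Reads `ss -H -ltun` style lines on stdin and prints one of:
#   absent   - nothing is listening on the port
#   loopback - every listener is bound to 127.0.0.0/8 or [::1]
#   exposed  - at least one listener is bound to another address
listener_scope() {
    awk -v port="$1" '
        {
            for (i = 1; i <= NF; i++) {
                n = split($i, parts, ":")
                if (n < 2 || parts[n] != port) continue
                addr = substr($i, 1, length($i) - length(parts[n]) - 1)
                found = 1
                if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
            }
        }
        END {
            if (!found) print "absent"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Constructed sample lines (not captured from a real host).
SAMPLE_OK='udp UNCONN 0 0 127.0.0.1:5336 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.1:5336 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*'
SAMPLE_EXPOSED='udp UNCONN 0 0 0.0.0.0:5336 0.0.0.0:*
tcp LISTEN 0 4096 [::]:5336 [::]:*'

if [ "${1:-}" = "--live" ]; then
    # Live mode needs ss (iproute2) and dig on the Pi-hole host.
    scope=$(ss -H -ltun | listener_scope "$PORT")
    echo "cloudflared listener on port $PORT: $scope"
    [ "$scope" = "loopback" ] || exit 1
    # Resolve a name through the proxy the same way Pi-hole does.
    dig +short +time=3 +tries=1 @127.0.0.1 -p "$PORT" example.com A | grep -q . \
        || { echo "no answer from 127.0.0.1#$PORT"; exit 1; }
    echo "127.0.0.1#$PORT answers queries"
else
    printf '%s\n' "$SAMPLE_OK" | listener_scope "$PORT"       # loopback
    printf '%s\n' "$SAMPLE_EXPOSED" | listener_scope "$PORT"  # exposed
fi
```

Run it with `--live` on the Pi-hole host after restarting the cloudflared service; an `exposed` result means the proxy is reachable from other machines on the network.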