Setting up a DNS-Over-Https Raspberry Pi for your whole network

( last updated : February 05, 2020 )
security privacy pihole D-O-H


One of the major ways that ISPs gather information on users is by collecting their DNS queries. This information can be useful for tracking a user's shopping habits, their hobbies, etc. Encrypting these requests is actually pretty easy to accomplish, and solves a plethora of issues such as blocking malicious advertisements, and keeping internet service providers from monitoring your activities.


Build Requirements


Raspberry Pi 1-3 (This might be possible on a Zero, haven't tested)
8-16 GB SD Card
Keyboard
Monitor that supports HDMI for initial install
A microSD card reader/writer
Internet Connection
USB power or Raspberry Pi power cable

Download the Raspbian Buster Lite Image

Raspbian Download


Flash the image to the SD card


You can use whatever software you like. I go between:

Win32DiskImager
or
Etcher

After flashing the microSD card, insert it into the Raspberry Pi and plug in the power.


Once the OS is installed, change the password for the pi user

sudo passwd pi

Install Cloudflared


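Download the cloudflared binary. Depending on which Raspberry Pi you use, you may run into some issues: the Raspberry Pi 2 seems to have a problem with newer versions of cloudflared. If this version of cloudflared segfaults for you, then try the RPI 2 option. Note that the package named below is an amd64 build and the Pi is an ARM board, so dpkg will refuse a package whose architecture does not match the system; the ARM archive in the RPI 2 option is the alternative in that case.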

cd /tmp
wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.deb
sudo dpkg -i cloudflared-stable-linux-amd64.deb
cloudflared -v

Raspberry Pi 2 Download if above seg faults

wget https://bin.equinox.io/a/4SUTAEmvqzB/cloudflared-2018.7.2-linux-arm.tar.gz
sudo tar -zxvf cloudflared-2018.7.2-linux-arm.tar.gz -C /usr/local/bin/
cloudflared -v

If successful you should see something like this

cloudflared version 2018.7.2 (built 2018-07-13-1701 UTC)

Make the Cloudflared User

sudo useradd -r -M -s /usr/sbin/nologin -c "Cloudflared user" cloudflared
sudo passwd -l cloudflared
sudo chage -E 0 cloudflared

Make the default file

echo "CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query" | sudo tee /etc/default/cloudflared

Set Ownership of the Files

sudo chown -v cloudflared:cloudflared /usr/local/bin/cloudflared
sudo chown -v cloudflared:cloudflared /etc/default/cloudflared

Make the Systemd File

sudo vi /lib/systemd/system/cloudflared.service

Copy this to the service file

[Unit]
Description=cloudflared DoH proxy
After=syslog.target network-online.target
 
[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflared
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process
 
[Install]
WantedBy=multi-user.target

Enable the Service and set it to autostart if device loses power or is restarted

sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sudo systemctl status cloudflared

Install PiHole


Download the installer and run it

wget -O basic-install.sh https://install.pi-hole.net
sudo bash basic-install.sh

Run through the installer making these selections



Please make sure you select eth0



Select Cloudflare for now; it will be changed in the GUI after install



Make sure all are selected



Select both, or at least IPv4, depending on your setup



This will show whatever IP address you are currently set to. For most of you this won't need to be changed; however, if for any reason you need to change it, run:


   pihole -r

Install the WebGui



Ignore this for now; we are going to change the web GUI password from the command line



Once the script is done running, run this as root to change the web GUI password

pihole -a -p

Log in to the web GUI


http://<ip Address>/admin/

Uncheck the Cloudflare section, and enter the custom DNS options below. Also, make sure to select the Advanced DNS Settings below.


Wherever you are doing DHCP/static entries, update your DNS to the PiHole's IP address. And that is it: you have set up the PiHole and your DNS queries should be private.
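
The custom DNS entry in the web GUI has to match the --port set in /etc/default/cloudflared. As an added example (not part of the original post), the shell function below checks that options file and prints the matching custom upstream in Pi-hole's address#port notation. It assumes cloudflared listens on its default loopback address; the helper names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: check the cloudflared options
# file and print the custom upstream to enter in the Pi-hole web GUI.

# Print the value of CLOUDFLARED_OPTS from FILE (last assignment wins).
read_opts() {
    sed -n 's/^CLOUDFLARED_OPTS=//p' "$1" | tail -n 1
}

# check_doh_opts FILE (hypothetical helper name)
# Prints "127.0.0.1#PORT" and succeeds when the options are sane; otherwise
# prints the reason on stderr and fails. The body is a subshell, so "exit"
# only leaves the function and "set -f" / "set --" do not leak to the caller.
check_doh_opts() (
    opts=$(read_opts "$1")
    [ -n "$opts" ] || { echo "no CLOUDFLARED_OPTS in $1" >&2; exit 1; }
    port=""
    upstreams=0
    set -f                  # no globbing while word-splitting the options
    set -- $opts
    while [ $# -gt 0 ]; do
        case "$1" in
            --port|--upstream)
                [ $# -ge 2 ] || { echo "$1 has no value" >&2; exit 1; }
                if [ "$1" = "--port" ]; then
                    port=$2
                else
                    case "$2" in
                        https://*) upstreams=$((upstreams + 1)) ;;
                        *) echo "upstream $2 is not https://" >&2; exit 1 ;;
                    esac
                fi
                shift ;;
        esac
        shift
    done
    case "$port" in
        ''|*[!0-9]*) echo "missing or non-numeric --port" >&2; exit 1 ;;
        53) echo "port 53 is taken by Pi-hole's own resolver" >&2; exit 1 ;;
    esac
    [ "$upstreams" -gt 0 ] || { echo "no --upstream given" >&2; exit 1; }
    echo "127.0.0.1#$port"
)

# Constructed sample mirroring the options line used in this post.
sample=$(mktemp)
echo 'CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query' > "$sample"
check_doh_opts "$sample"    # on the Pi: check_doh_opts /etc/default/cloudflared
rm -f "$sample"
```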

Troubleshooting


For issues with PiHole, run this command which will reconfigure the pihole instance

pihole -r

If you need to set a static ip address for the Pi, please do this:


Edit /etc/network/interfaces. Change the address, network, netmask, broadcast, and gateway to match your network


auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
  address 192.168.0.42 
  network 192.168.0.0
  netmask 255.255.255.0
  broadcast 192.168.0.255
  gateway 192.168.0.1

Run 'service networking restart' (without the quotes) to complete your change. Note: This won't disconnect you from SSH.


For issues with cloudflared, you might need to do some googling to find a cloudflared binary that works with your pi
