
Pi-hole as DNS Server with DNS over HTTPS (DOH) Based on Ubuntu/Debian Server

You can read about Pi-hole at their Official Website


Our setup depends entirely on the Pi-hole DNS server, which is why we use two servers: one as the primary DNS server and the other as the secondary DNS server.

We configured our router as the DNS server for all the DHCP clients. This way, all the clients ask the router to resolve DNS queries.

At the router we configured the primary and the secondary DNS as our pi-hole servers.

network flow
  • Virtual servers based on Ubuntu Server Release.
  • All installation steps were run as the root user.

Installing Pi-hole

Just follow the official One-Step Automated Install

We used the "Method 1: Clone our repository and run"

git clone --depth 1 Pi-hole
cd "Pi-hole/automated install/"
sudo bash

Installing DNS-Over-HTTPS (Cloudflared Daemon)

sudo apt-get install ./cloudflared-stable-linux-amd64.deb
cloudflared -v

Now we configure the Cloudflared daemon to run on port 5053 and give it the DNS servers to use for resolving. We use Cloudflare's DNS server as the primary upstream and Google's as the secondary, for redundancy.

mkdir /etc/cloudflared/
nano /etc/cloudflared/config.yml

Copy the following configuration:

proxy-dns: true
proxy-dns-port: 5053

Now install the service via cloudflared's service command:

cloudflared service install

Start, Enable on boot and Test

systemctl start cloudflared
systemctl enable cloudflared
systemctl status cloudflared

Now test that it is working! Run the following dig command; a response similar to the one below should be returned:

$ dig @ -p 5053

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> @ -p 5053
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12157
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 22179adb227cd67b (echoed)
;                    IN      A

;; ANSWER SECTION:             191     IN      A

;; Query time: 0 msec
;; WHEN: Wed Dec 04 09:29:50 EET 2019
;; MSG SIZE  rcvd: 77

Configure Pi-Hole with DNS-Over-HTTPS

Finally, configure Pi-hole to use the local cloudflared service as the upstream DNS server by specifying as the Custom DNS (IPv4):


Advanced DNS settings


We use two blocklists that update daily. They don't break any normal functionality and do a good job of blocking ads.


Since Pi-hole is now the only DNS server in our system, we want to update it on a daily basis. This includes the Ubuntu OS, Pi-hole, and the blocklists. For this we use this Auto Update Script to update our system and clean out all unused packages.

chmod +x
ln -s ${PWD}/ /usr/bin/autoupdate

The last step is to use crontab jobs to run all the needed updates and reboot the server. Since we are using two servers, the jobs run at different times, so that one of the servers stays online and working while the other performs its update maintenance.

crontab -e

Append this to the end of the file:

0 2 * * *  /usr/bin/autoupdate
15 2 * * * /usr/local/bin/pihole -up
30 2 * * *  /usr/local/bin/pihole -g
45 2 * * *  /sbin/shutdown -r now

This runs the following:

  • autoupdate updates and cleans up the system at 2:00
  • pihole -up updates all Pi-hole components at 2:15
  • pihole -g updates the blocklists at 2:30
  • shutdown -r now reboots the server at 2:45

On the second pihole server we use this cron:

0 3 * * *  /usr/bin/autoupdate
15 3 * * * /usr/local/bin/pihole -up
30 3 * * *  /usr/local/bin/pihole -g
45 3 * * *  /sbin/shutdown -r now
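
The staggered schedules only protect DNS availability if the two maintenance windows never overlap. The script below is an added example, not part of the original setup: it reads both crontabs (embedded here as copies of the schedules above) and fails if both servers could be down at once. The 15-minute reboot allowance and the function names are assumptions.

```shell
#!/bin/sh
# Added example: verify that two Pi-hole servers are never in maintenance together.

# Copies of the two schedules shown above, embedded so the check runs offline.
PRIMARY_CRON='0 2 * * *  /usr/bin/autoupdate
15 2 * * * /usr/local/bin/pihole -up
30 2 * * *  /usr/local/bin/pihole -g
45 2 * * *  /sbin/shutdown -r now'
SECONDARY_CRON='0 3 * * *  /usr/bin/autoupdate
15 3 * * * /usr/local/bin/pihole -up
30 3 * * *  /usr/local/bin/pihole -g
45 3 * * *  /sbin/shutdown -r now'

# maintenance_window CRONTAB GRACE_MIN
# Prints "START END" in minutes after midnight: START is the earliest job, END is
# the latest job (the reboot) plus GRACE_MIN, an assumed allowance for the reboot.
# Only fixed "minute hour" fields are supported, and the window must not cross
# midnight; anything else exits non-zero.
maintenance_window() {
    printf '%s\n' "$1" | awk -v grace="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ { bad = 1; exit }
        { t = $2 * 60 + $1
          if (!seen || t < min) min = t
          if (!seen || t > max) max = t
          seen = 1 }
        END { if (bad || !seen || max + grace > 1440) exit 1
              print min, max + grace }'
}

# check_schedules CRON_A CRON_B GRACE_MIN
# Returns 0 when the windows are disjoint, 1 when both servers could be down at
# the same time, 2 when a schedule cannot be analysed.
check_schedules() {
    a=$(maintenance_window "$1" "$3") || { echo "cannot analyse first crontab"; return 2; }
    b=$(maintenance_window "$2" "$3") || { echo "cannot analyse second crontab"; return 2; }
    set -- ${a} ${b}                          # $1 $2 = window A, $3 $4 = window B
    if [ "$1" -lt "$4" ] && [ "$3" -lt "$2" ]; then
        echo "OVERLAP: windows ${a} and ${b} (minutes after midnight)"
        return 1
    fi
    echo "OK: windows ${a} and ${b} do not overlap"
}

check_schedules "$PRIMARY_CRON" "$SECONDARY_CRON" 15
```

With the schedules above and a 15-minute allowance, the primary window ends exactly when the secondary window starts, so any longer reboot or update run makes the check fail; moving the second server's jobs later gives more margin.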

The final step is to configure your router to use your new pi-hole-doh servers as primary and secondary DNS servers.