Pi Hole

  • Download Raspbian Lite
  • Flash an SD Card with Pi image. https://www.balena.io/etcher/ has option for Linux and Windows.
  • Create an empty file named ssh on the SD card's boot partition (/boot/ssh) to enable SSH for headless mode.
  • Boot the Pi
  • Grab the IP address with Nmap
$ nmap -p22 --open 192.168.1.0/24

Starting Nmap 7.60 ( https://nmap.org ) at 2019-01-20 17:21 AEST
Nmap scan report for raspberrypi (192.168.1.83)
Host is up (0.0031s latency).

PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 256 IP addresses (5 hosts up) scanned in 2.44 seconds
  • SSH in to the Pi
    • default username: pi
    • default password: raspberry
  • sudo apt update
  • sudo apt dist-upgrade
  • reboot
  • Change pi password

Install cloudflared

To optionally run Pi-hole using Cloudflare's DNS over HTTPS:

$ cd ~
$ wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
$ sudo mkdir /opt/argo-tunnel
$ sudo tar -xvzf cloudflared-stable-linux-arm.tgz -C /opt/argo-tunnel
$ cd /opt/argo-tunnel
$ ./cloudflared --version

Install Pi-hole

I'm opting to download then run the script, rather than pipe it to bash with curl.

$ wget -O basic-install.sh https://install.pi-hole.net
$ sudo bash basic-install.sh

You will be prompted with the following during the installation. General defaults are fine, just be sure you select the correct interface.

  1. Choose Interface.
  2. Select upstream provider. (I recommend Cloudflare if not using Cloudflared as above.)
  3. Select 3rd party lists for blocking ads.
  4. Select IPv4 and/or IPv6.
  5. Set static IP Address. I generally use the suggested, and make that reserved in my router config.
  6. Enable web interface.
  7. Enable web server.
  8. Enable log queries.
  9. Select privacy mode.

After that Pi-hole will install.

Post install cloudflared config

Update /etc/dnsmasq.d/01-pihole.conf so the existing upstream servers are commented out and queries go to cloudflared on local port 54:

# server=1.1.1.1
# server=1.0.0.1
server=127.0.0.1#54

In /etc/pihole/setupVars.conf, comment out the upstream DNS entries:

#PIHOLE_DNS_1=1.1.1.1
#PIHOLE_DNS_2=1.0.0.1

Update /etc/systemd/system/dnsproxy.service with:

[Unit]
Description=CloudFlare DNS over HTTPS
Wants=network-online.target
After=network.target network-online.target
 
[Service]
ExecStart=/opt/argo-tunnel/cloudflared proxy-dns --port 54 --upstream https://1.1.1.1/.well-known/dns-query --upstream https://1.0.0.1/.well-known/dns-query
Restart=on-abort
 
[Install]
WantedBy=multi-user.target

Enable services & restart:

$ sudo systemctl enable dnsproxy.service
$ sudo systemctl restart dnsproxy.service

Test Cloudflared

$ dig @127.0.0.1 -p 54 google.com

; <<>> DiG 9.10.3-P4-Raspbian <<>> @127.0.0.1 -p 54 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7136
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		83	IN	A	216.58.197.174

;; Query time: 0 msec
;; SERVER: 127.0.0.1#54(127.0.0.1)
;; WHEN: Fri Jan 25 02:32:24 GMT 2019
;; MSG SIZE  rcvd: 65
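
A config check to go with the dig test, as an added example (not from the original page or the Pi-hole project): it flags any active server= line in a dnsmasq config that is not the local cloudflared proxy, since dnsmasq would forward queries to that server directly instead of over DoH. The function names and the sample file are constructed for illustration; on the Pi, call check_upstreams on /etc/dnsmasq.d/01-pihole.conf.

```shell
#!/bin/sh
# Added example: audit a dnsmasq config for upstreams that bypass cloudflared.
# LOCAL_PROXY is the server=127.0.0.1#54 value from the config step above.
LOCAL_PROXY='127.0.0.1#54'

# Print the value of every active (uncommented) server= line, one per line.
active_upstreams() {
    sed -n 's/^[[:space:]]*server=\([^[:space:]]*\).*$/\1/p' "$1"
}

# Return 0 only if the local proxy is the sole active upstream in the file.
check_upstreams() {
    conf=$1
    status=0
    found_proxy=no
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for upstream in $(active_upstreams "$conf"); do
        if [ "$upstream" = "$LOCAL_PROXY" ]; then
            found_proxy=yes
        else
            echo "LEAK: $conf forwards to $upstream without DoH"
            status=1
        fi
    done
    if [ "$found_proxy" = no ]; then
        echo "MISSING: no active server=$LOCAL_PROXY in $conf"
        status=1
    fi
    return "$status"
}

# Constructed sample: one upstream was left uncommented by mistake.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# server=1.1.1.1
server=1.0.0.1
server=127.0.0.1#54
interface=eth0
EOF
check_upstreams "$sample" || echo "fix the config before relying on DoH"
rm -f "$sample"
```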

Finally...
  • Configure router and/or devices to use Pi-hole as DNS server.
  • Access the admin console via http://192.168.1.83/admin, where that IP is the IP address of your Pi-hole, to view stats and manage whitelists.
  • To configure a little extra security, have a look at Pi Hard
