@kalpaj12
Last active June 9, 2021 09:35
The most detailed guide for installing Pi-hole as a DHCP and DNS (DoH Quad9 upstream) server on a Raspberry Pi.

Pi-hole guide:

Steps:

  • Boot Raspberry Pi with Raspbian (using a USB flash drive)
  • Installing Pi-hole and configuring it to also act as a DHCP server
  • Setting up Quad9 on DoH, as the only upstream DNS server

Step 1: Boot Raspberry Pi with Raspbian (using a USB flash drive)

  • Download Raspbian from the official link.
    • Recommended: Raspberry Pi OS Lite
  • Extract the .zip folder to find a .img file.
    • Note: Although the Raspberry Pi 3B, 3B+, and 4B have a 64-bit CPU architecture, the Raspbian OS images (desktop + recommended, desktop, and lite) are 32-bit.
  • Use Rufus to create a bootable USB flash drive (aka pen-drive / thumb drive) from the just extracted image file.
  • Once done, create a file named "ssh" (without quotes and no extension) in the root folder of the bootable USB flash drive. This enables ssh capability on the Pi.
  • Connect the bootable USB flash drive to a USB A port on the Pi, and the Ethernet cable to your switch/router's RJ45 jack.
    • Note: Prefer USB 3.0 A port, if available.
  • Power on the Pi and wait for a minute or so.
  • Collect the Pi's IP from the routing table of your Switch/Router, or use an IP Scanner tool for the same.
  • ssh into the Pi via: ssh pi@IP_ADDRESS_OF_THE_PI
    • Note: The default password is raspberry; it's highly recommended to change it.
  • Once ssh'ed, run sudo apt update && sudo apt upgrade -y to update all packages.
  • Set up a static IP for the Pi via sudo nano /etc/dhcpcd.conf. In this file, add:
static ip_address=192.168.1.42/24
static routers="YOUR_ROUTER_GATEWAY"
  • Save and exit nano
    • Note: You can follow this method if you do not have access to your router's settings.
  • Finally, reboot the Pi via sudo reboot
  • Your Pi should now be accessible via ssh pi@192.168.1.42

Step 2: Installing Pi-hole and configuring it to also act as a DHCP server

  • Use Pi-hole's one step automated install by running curl -sSL https://install.pi-hole.net | bash on your Pi.
    • Note: This pipes the downloaded script straight into a shell, so there is no chance to review it before it runs; to inspect it first, save it to a file and run it from there.
  • Follow the on-screen prompts, and when asked for upstream DNS, choose Quad9 Filtered DNSSEC.
    • Note: This will be changed to use Quad9 on DoH.
  • After installing Pi-hole, note down the password, as it will be used to log in to the admin webpage.
  • Head over to http://192.168.1.42/admin/index.php?login and enter that password.
  • Once logged in, navigate to the DHCP webpage via http://192.168.1.42/admin/settings.php?tab=piholedhcp
  • Enable Pi-hole DHCP server and optionally IPv6 support.
    • Note: Disable DHCP from your main router/switch!
  • At http://192.168.1.42/admin/settings.php?tab=dns enable Listen on all interfaces
  • Back in the ssh terminal, type in getconf LONG_BIT
    • The output 32 signifies that the OS is 32-bit, which is why Step 3 downloads the 32-bit ARM build of cloudflared.

Step 3: Setting up Quad9 on DoH, as the only upstream DNS server

  • For DNS over HTTPS, we'll be using cloudflared. Install via:
wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
tar -xvzf cloudflared-stable-linux-arm.tgz
sudo cp ./cloudflared /usr/local/bin
sudo chmod +x /usr/local/bin/cloudflared
cloudflared -v
  • Next, we'll configure cloudflared to use Quad9 DNS
sudo mkdir /etc/cloudflared/
sudo nano /etc/cloudflared/config.yml
  • In here, add
proxy-dns: true
proxy-dns-port: 5053
proxy-dns-upstream:
  - https://dns.quad9.net/dns-query
  • Save changes and exit nano.
  • To install cloudflared as a service that uses this configuration, run:
sudo cloudflared service install --legacy
sudo systemctl start cloudflared
sudo reboot
  • After the reboot, head over to http://192.168.1.42/admin/settings.php?tab=dns and uncheck both the boxes corresponding to Quad9 (filtered, DNSSEC), so that Pi-hole no longer sends plaintext queries directly to Quad9.
  • Enable Custom 1 (IPv4) and add 127.0.0.1#5053 in the box.
  • Finally, save the changes and reboot the Pi again.
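
Step 3 only puts every query on DoH if Pi-hole's sole upstream is the local proxy and the proxy itself has only https:// upstreams. The script below is an added example, not part of the original gist: it checks both conditions, assuming the Pi-hole v5 layout (PIHOLE_DNS_n entries in /etc/pihole/setupVars.conf); the function names are made up for this example and the sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the gist). Assumes the Pi-hole v5 layout, where each
# upstream is a PIHOLE_DNS_n line in setupVars.conf. On the Pi, run:
#   check_doh_only /etc/pihole/setupVars.conf /etc/cloudflared/config.yml

# Print proxy-dns-port from a cloudflared config.yml (5053 if the key is absent).
doh_port() {
    local p
    p=$(sed -n 's/^proxy-dns-port:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
    echo "${p:-5053}"
}

# Print every proxy-dns-upstream entry that is not an https:// URL.
non_https_upstreams() {
    awk '/^proxy-dns-upstream:/ { inlist = 1; next }
         /^[^ \t]/              { inlist = 0 }
         inlist && /^[ \t]*-[ \t]*/ {
             sub(/^[ \t]*-[ \t]*/, ""); if ($0 !~ /^https:\/\//) print }' "$1"
}

# Print every Pi-hole upstream other than 127.0.0.1#<port>; these bypass the proxy.
leaky_upstreams() {   # usage: leaky_upstreams setupVars.conf port
    grep -E '^PIHOLE_DNS_[0-9]+=' "$1" | cut -d= -f2- | grep -vxF "127.0.0.1#$2"
}

# Succeed only if the proxy uses DoH upstreams and Pi-hole forwards to it alone.
check_doh_only() {    # usage: check_doh_only setupVars.conf config.yml
    local port bad
    port=$(doh_port "$2")
    bad=$(non_https_upstreams "$2")
    [ -z "$bad" ] || { echo "non-HTTPS proxy upstream: $bad"; return 1; }
    grep -qE '^PIHOLE_DNS_[0-9]+=' "$1" || { echo "no upstream configured"; return 1; }
    bad=$(leaky_upstreams "$1" "$port") || true   # grep -v exits 1 when nothing leaks
    [ -z "$bad" ] || { echo "upstream bypassing the proxy: $bad"; return 1; }
    echo "ok: all queries go to 127.0.0.1#$port"
}

# Constructed sample: the state before the Quad9 boxes are unchecked in Step 3.
demo=$(mktemp -d)
printf '%s\n' 'proxy-dns: true' 'proxy-dns-port: 5053' 'proxy-dns-upstream:' \
    '  - https://dns.quad9.net/dns-query' > "$demo/config.yml"
printf '%s\n' 'PIHOLE_DNS_1=9.9.9.9' 'PIHOLE_DNS_2=149.112.112.112' \
    'PIHOLE_DNS_3=127.0.0.1#5053' > "$demo/setupVars.conf"
check_doh_only "$demo/setupVars.conf" "$demo/config.yml" || true
rm -rf "$demo"
```

The constructed sample fails the check because the two Quad9 addresses are still listed next to the proxy, which is the state Step 3 corrects by unchecking those boxes.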

References: https://docs.pi-hole.net/guides/dns/cloudflared
