Chris Coffin magnolialogic

magnolialogic / pihole-dietpi-cloudflared.md
Last active March 5, 2024 08:04
DNS over HTTPS with DietPi, Pi-hole, and Cloudflare DNS

DietPi + Pi-hole + Cloudflare DNS + DNS over HTTPS

Summary

Quick and dirty setup instructions to get Pi-hole running with DoH via Cloudflare on a headless Raspberry Pi.

I was originally using Pi-hole with Quad9 as my upstream DNS provider, but noticed that my ISP (Spectrum) was still intercepting and answering some DNS queries, so I've switched to Cloudflare and their Argo Tunnel client for DNS over HTTPS.

Yes, I know there are other options out there like unbound, stubby, DNS over TLS, and DNSCrypt, but as of this writing the whole encrypted DNS thing still feels really runny, so I went with cloudflared because it's a single package that's easy to configure, update, and remove. This combination gets me to a place where my network is using encrypted DNS + DNSSEC and should automagically support ESNI once Safari implements it, and I could easily back out of DNS over HTTPS if DoT or DNSCrypt becomes more fully-baked before DoH does. I'll also happily switch back to Quad9 if they provide a DoH pr