Pi-Hole using Cloudflare Tunnel

I’ve recently set up Pi-Hole on a Raspberry Pi 4. I’m also running a Cloudflare Tunnel so I can access applications on my LAN remotely using a FQDN.

I’m trying to use Pi-Hole as my DNS when remote from my home, not bothered when using mobile data, but would like to when connected to any other WiFi network.

I’ve tried creating a new hostname (dns.domain.com) and pointed my device at that as its DNS server but it just won’t resolve. The hostname does work when adding the /admin on the end to access the Web UI for Pi-Hole.

Is there something else I’m missing with this in order to accomplish what I want. Is it actually even possible?

Thanks in advance to anyone able to assist with this!

Why not use a VPN? WireGuard is easy to use.

Upvoted the previous VPN suggestion, this is what I use as well, and without issues for a number of years. Even been abroad since and happily ad-free.

Do NOT port forward your Pi-hole, unless you take all the required precautions to protect your network. But yes, in theory you should be able to port forward it.

Did you manage to make it work?

Replace your Pi-hole with AdGuard Home, then enable encryption, use a Cloudflare tunnel with your domain name and allow only requests from yourself in the DNS setting at the bottom. Pi-hole doesn’t allow encryption; only AdGuard Home does.

I did this, but I use Zero Trust, so only I can get the code that lets me in to my domain. I also put some geolock stuff on the group, too.

Configure a group with just you in it, and then add the app to the tunnel. Specify your group as the one that has access.

It has options so even if you don’t install your services with https on your side, Cloudflare will do it all for you over the top.

You’d need to expose the DNS server to the outside world for queries, which would be a bad idea. What I’d suggest is using a VPN such as WireGuard that allows split tunnelling and have it only tunnel DNS queries. You can even have it turned on with mobile data then and have ad blocking whilst on 3/4/5G.

You really can’t do that. For one, Cloudflare doesn’t support it. And second, how should any PC find the DNS server when you have to use a domain name that is floating on Cloudflare servers? Spoiler: you can’t. You set up IPs in your network config for DNS servers, as you need those to resolve the DN in the first place.

So go as others stated the VPN route.

Cloudflare tunnels use a FQDN in order to access the services that you are hosting inside your network. A FQDN will require a DNS lookup to locate, so if you think about it, in order for this to work your device would need to do a DNS lookup in order to locate and reach your DNS server. Also, DNS is configured on your device by IP address, not hostname. I’m very doubtful this can work via Cloudflare tunnels. VPN is likely your only choice. If you’re running UniFi hardware like a UDM, UDM-Pro or UDR, you can use Teleport VPN, which requires almost no configuration at all.

I use my Pihole on the road by connecting back home via WireGuard, with the added benefit I can also connect to my Dockers and shares, all by exposing a single port. Use a DDNS service to keep track of your IP just in case.

I use WireGuard and turn on On-Demand for everywhere but my home network. I also have it set up with full tunnel so it’s just like I’m at home (Pi-hole coverage included).
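The two WireGuard approaches mentioned in this thread (split tunnel carrying only DNS, and full tunnel so everything looks like it is at home) differ only in the client's `AllowedIPs`. The following is an added example, not configuration posted by anyone in the thread: it assumes the Raspberry Pi runs both Pi-hole and the WireGuard server, a constructed tunnel subnet 10.66.0.0/24, a placeholder DDNS hostname `home.example.net`, and placeholder keys that you would generate with `wg genkey` / `wg pubkey`.

```ini
# ===== File 1: /etc/wireguard/wg0.conf on the Raspberry Pi (server side) =====
# Assumed: Pi-hole listens on this host; 10.66.0.0/24 is a constructed tunnel subnet.
# Only UDP 51820 is forwarded from the router to the Pi; port 53 is never exposed.
[Interface]
Address = 10.66.0.1/24
ListenPort = 51820
PrivateKey = <SERVER_PRIVATE_KEY_PLACEHOLDER>

[Peer]
# The phone or laptop that should use Pi-hole while away from home.
PublicKey = <CLIENT_PUBLIC_KEY_PLACEHOLDER>
# The server only accepts packets from this peer with this source address.
AllowedIPs = 10.66.0.2/32

# ===== File 2: client config (phone/laptop), split tunnel: DNS only =====
[Interface]
Address = 10.66.0.2/32
PrivateKey = <CLIENT_PRIVATE_KEY_PLACEHOLDER>
# Resolver pushed to the device while the tunnel is up: Pi-hole's tunnel address.
DNS = 10.66.0.1

[Peer]
PublicKey = <SERVER_PUBLIC_KEY_PLACEHOLDER>
Endpoint = home.example.net:51820
# Split tunnel: only traffic to the Pi-hole's tunnel address is routed through
# the VPN, so DNS is filtered while everything else uses the local network.
AllowedIPs = 10.66.0.1/32
# Full tunnel instead (all traffic goes home, LAN shares and containers reachable):
# AllowedIPs = 0.0.0.0/0, ::/0
# Keeps the NAT mapping alive on mobile networks.
PersistentKeepalive = 25
```

The two sections are separate files; the server file goes on the Pi and the client file is imported into the WireGuard app (most mobile clients also offer an on-demand rule such as "all Wi-Fi except SSID X"). Pi-hole's default interface setting ("Allow only local requests") answers queries from subnets attached to the Pi, which the /24 on `wg0` is, but verify from the client with `dig @10.66.0.1 example.com` before relying on it; if queries time out, check the Pi-hole interface setting under Settings → DNS rather than widening anything on the router.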

Because that wasn’t the question.

Well Cloudflare tunnels don’t need port forwarding so I won’t be. I’m just trying to figure out how to use the FQDN that I can set up in the Cloudflare Tunnel dashboard to remotely use pi-hole as my DNS.

Did you get this working in terms of actually using Pi-hole as your DNS remotely, through the domain name? Or just able to access the admin page remotely?

Considering that nameservers for a domain are specified using FQDNs, I’m not sure I get your point.
Admittedly I can’t see a way of doing it that doesn’t use a subdomain of any CF “website”, but then CF do some really weird stuff with DNS (CNAMEs for domain root records?).

That’s what I’m doing. No problems so far. I have Pi-hole everywhere I am. VPNs are not that hard to configure; also, some routers have WireGuard installed on them.

Cloudflare tunnels work only with HTTP. Also, if it worked, you would expose your Pi-hole on the internet, which is not a good idea.

I’m not sure you can tunnel port 53 through Cloudflare Tunnel.

Ah sorry, yeah, just the admin page. I’m using free services in Cloudflare and you can’t do anything other than web hosting for free, and there’s no way to wrap Zero Trust auth around real DNS on port 53 (that I know of), and I really don’t want my stuff sitting exposed on the internet on port 53. No way.