Setting up Pi-hole

Heads up if you use Pi-hole with DNS-over-HTTPS via cloudflared.

Cloudflare have removed the old cloudflared proxy-dns feature from newer versions of cloudflared. If your Pi-hole is configured to forward DNS to 127.0.0.1#5053, and cloudflared updates to a new version, DNS can partially break.

The awkward bit is that Pi-hole may still look healthy. The dashboard can still show queries, blocked domains, active clients, and normal-looking graphs, because Pi-hole is still receiving requests and can still block domains locally. But normal allowed lookups may fail or time out because Pi-hole is forwarding them to cloudflared on port 5053, and cloudflared is no longer running that service.

Quick checks:

On the Pi-hole, run:

grep -n "^PIHOLE_DNS" /etc/pihole/setupVars.conf

If you see:

127.0.0.1#5053

then check whether anything is listening there:

sudo ss -lntup | grep ':5053'

If nothing is listening, DNS-over-HTTPS is broken and Pi-hole’s upstream resolver is dead.

Also check:

systemctl status cloudflared --no-pager

If the log says DNS Proxy is no longer supported since version 2026.2.0, that’s the problem.

The simplest fix is to stop using cloudflared for Pi-hole DNS and set Pi-hole back to normal upstream DNS servers such as Google, Quad9, Cloudflare, OpenDNS, etc. In the Pi-hole web interface, go to Settings → DNS, remove 127.0.0.1#5053, choose normal upstream DNS servers, save, then disable cloudflared:

sudo systemctl disable --now cloudflared

Then test:

dig @PIHOLE_IP google.com

If that returns an answer instead of timing out, it’s fixed.


Thanks to ChatGPT for helping me find this (and writing that summary above).
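The quick checks from the post above (a forwarder in PIHOLE_DNS, nothing listening on its port) combined into one check, as an added example that is not part of the original post or of Pi-hole. It assumes setupVars.conf lines of the form PIHOLE_DNS_1=127.0.0.1#5053 and takes the config and `ss -lntu` output as text; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report Pi-hole upstreams on a loopback port that nothing listens on.
# On a real host, pass "$(cat /etc/pihole/setupVars.conf)" and "$(ss -lntu)".

# Print the value of every PIHOLE_DNS_n line in setupVars.conf-style text.
list_upstreams() {  # $1 = config text
    printf '%s\n' "$1" | sed -n 's/^PIHOLE_DNS_[0-9]*=//p'
}

# Succeed if the port is the exact local port of some row of `ss -lntu` text.
# Exact match on the last ":"-separated field, so :53 never satisfies :5053.
port_is_listening() {  # $1 = port, $2 = ss output text
    printf '%s\n' "$2" | awk -v p="$1" '
        { n = split($5, a, ":"); if (n > 0 && a[n] == p) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Print each loopback upstream written as addr#port whose port has no listener.
dead_local_upstreams() {  # $1 = config text, $2 = ss output text
    for up in $(list_upstreams "$1"); do
        case "$up" in
            127.*'#'*|::1'#'*)
                port=${up##*\#}
                if ! port_is_listening "$port" "$2"; then
                    printf '%s\n' "$up"
                fi ;;
        esac
    done
}

# Constructed sample: forwarder still configured, but only Pi-hole itself listens.
SAMPLE_CONF='PIHOLE_INTERFACE=eth0
PIHOLE_DNS_1=127.0.0.1#5053
PIHOLE_DNS_2=9.9.9.9
DNSSEC=false'
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      32     0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*'

dead=$(dead_local_upstreams "$SAMPLE_CONF" "$SAMPLE_SS")
if [ -n "$dead" ]; then
    echo "upstream configured but nothing is listening: $dead"
fi
```

Run from cron or a monitoring check, this catches the case the dashboard hides: Pi-hole answers and blocks normally while its configured upstream is gone.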
I run Pi-hole on a Docker container, how do I do the above?
 
I thought you had an RB5009, i.e. containers; Technitium is in the menu. Not sure if it is built with QUIC, but you can pull the latest that includes it anyway.
h3://dns.adguard-dns.com/dns-query (94.140.14.14)
h3://dns.adguard-dns.com/dns-query (94.140.15.15)
h3://cloudflare-dns.com/dns-query (1.1.1.1)
h3://cloudflare-dns.com/dns-query (1.0.0.1)
I have Technitium on an RPi 4, which works well with h3 and QUIC 853. I still prefer to hide it in with 443 h3 traffic, though not all providers support it. If you do go Technitium on an RPi 4, at minimum you will need the libraries. As already said, cloudflared is not supported anymore!
 