Setting up Pi-Hole with inbound DNS over TLS

I made this config so that my Samsung Galaxy Note 9 will have adverts removed when on mobile.

In order to get DNS over TLS working for incoming requests to Pi-Hole you will need 2 things ( Stunnel4 and Pi-Hole ). Lets start by installing Stunnel4 and then we will install Pi-Hole.

Update your server and install stunnel4

apt-get update
apt-get upgrade
apt-get install stunnel4 -y

Create the config file to setup stunnel

nano /etc/stunnel/stunnel.conf

Put the following in the blank config file. - Make sure to change the CERT and KEY line.

# cat /etc/stunnel/dot.conf
pid = /var/run/

accept = 853
sslVersion = TLSv1.2
connect =
cert = /root/ssl/
key = /root/ssl/
#CAfile = /etc/pki/tls/certs/ca-bundle.crt
#CApath = /etc/pki/tls/certs

Lets enable the service at boot timeā€¦..

nano /etc/default/stunnel4

change ENABLED to 1

Lets start the service

/etc/init.d/stunnel4 restart

At this time the Stunnel4 service should be working

Installing Pi-Hole

wget -O
sudo bash