Setting up Pi-Hole with inbound DNS over TLS

I made this config so that my Samsung Galaxy Note 9 will have adverts removed when on mobile.


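To get DNS over TLS working for incoming requests to Pi-Hole you will need two things: Stunnel4 and Pi-Hole. Stunnel4 accepts the TLS connections on port 853 and passes the decrypted DNS queries to Pi-Hole on 127.0.0.1:53. Let's start by installing Stunnel4, and then we will install Pi-Hole.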

Update your server and install stunnel4

apt-get update
apt-get upgrade
apt-get install stunnel4 -y

Create the config file to set up stunnel

nano /etc/stunnel/stunnel.conf

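Put the following in the blank config file. Make sure to change the cert and key lines so they point at your own certificate chain and private key, and keep the key file readable only by the user stunnel runs as.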

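# /etc/stunnel/stunnel.conf
pid = /var/run/stunnel-dot.pid

[dot]
# Listen for DNS over TLS clients on the standard DoT port
accept = 853
sslVersion = TLSv1.2
# Forward the decrypted queries to Pi-Hole over TCP on localhost
connect = 127.0.0.1:53
# Certificate chain and private key: change these to your own paths
cert = /root/ssl/sesipod.info/fullchain.cer
key = /root/ssl/sesipod.info/sesipod.info.key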
#CAfile = /etc/pki/tls/certs/ca-bundle.crt
#CApath = /etc/pki/tls/certs

Let's enable the service at boot time.

nano /etc/default/stunnel4

Change ENABLED to 1


Let's start the service

/etc/init.d/stunnel4 restart

At this point the Stunnel4 service should be running. It will only return DNS answers once Pi-Hole is installed and listening on 127.0.0.1:53.

Installing Pi-Hole

wget -O basic-install.sh https://install.pi-hole.net
sudo bash basic-install.sh