Photo of Nils Streedain

Nils Streedain


Pi-Hole and Cloudflare logos over a gradient

Setting Up Pi-hole with Cloudflared

How to set up Pi-Hole with Cloudflared and AutoUpdating Blocklists

Page view count

Jun 09, 2021
Updated Oct 04, 2021

By Nils Streedain

Before getting started:

  • Create a fresh install of Raspbian (or your prefered distro) with ssh enabled
  • Connect your Raspberry Pi (or another preferred computer) to your network
  • ssh into the device

Update Raspberry Pi

sudo apt update
sudo apt full-upgrade

Change Raspberry Pi Password



sudo raspi-config

Set Raspberry Pi Country (raspi-config > Localisation Options > WLAN Country)

Change Raspberry Pi Hostname (raspi-config > System Options > Hostname)

Setup Cloudflared

Install Cloudflared

tar -xvzf cloudflared-stable-linux-arm.tgz
sudo cp ./cloudflared /usr/local/bin
sudo chmod +x /usr/local/bin/cloudflared
cloudflared -v

Configure Cloudflared

Create/open Cloudflared configuration

sudo mkdir /etc/cloudflared/
sudo nano /etc/cloudflared/config.yml

Paste the following:

proxy-dns: true
proxy-dns-port: 5053
  #Uncomment following if you want to also want to use IPv6 for  external DOH lookups
  #- https://[2606:4700:4700::1111]/dns-query
  #- https://[2606:4700:4700::1001]/dns-query

Finally, install and start Cloudflared Service

sudo cloudflared service install --legacy
sudo systemctl start cloudflared
sudo systemctl status cloudflared

Update Cloudflared weekly

Create a monthly cron job called updatecloudflared

sudo nano /etc/cron.weekly/updatecloudflared

Paste the following:


# update Cloudflared root list
sudo cloudflared update
sudo systemctl restart cloudflared

Make it executable

sudo chmod +x /etc/cron.weekly/updatecloudflared

Setup Pi-Hole

Install Pi-Hole and follow the steps in the user interface

Make sure to set the upstream DNS to for IPv4 and ::1#5053 for IPv6

sudo curl -sSL | bash

Change default Pi-Hole password

sudo pihole -a -p

Setup Auto-Updating BlockLists

Install pihole-updatelists and it’s dependacies

sudo apt-get install php-cli php-sqlite3 php-intl php-curl
wget -O - | sudo bash

Configure pihole-updatelists

sudo nano /etc/pihole-updatelists.conf

Blacklists (exact):

  • Very Safe - No false positive (What I Recommend):
  • Somewhat Safe - Rare false positives (What I use):

Blacklists (regex):

  • Some false positives, whitelist recommended:
  • Blocks TikTok domains:

Whitelist (exact):

  • Recommended Whitelist:
  • My Whitelist:

Whitelist (regex):

  • My Whitelist: Update pi-hole lists
sudo pihole-updatelists

Update pi-hole lists daily

Create a daily cron job called updatelists

sudo nano /etc/cron.daily/updatelists

Paste the following:


# update Pi-Hole lists
sudo pihole-updatelists

Make it executable

sudo chmod +x /etc/cron.daily/updatelists

Pi-Hole Beta

pihole checkout ftl release/v5.9
pihole checkout core release/v5.4
pihole checkout web release/v5.6