The original post: /r/pihole by /u/benuski on 2024-11-05 00:14:35.
Hello! This may be common knowledge, but I wanted to share my configuration that sets up Unbound to forward queries to an upstream provider using DNS over TLS. There is a guide on the Pihole site for cloudflared, but as team members said in the comments here, this is only because someone wrote it and made a pull request for it to be integrated.
I started with the basic Alma Linux LXC container and the Unbound configuration provided on the Pihole docs site, and added the DNS over TLS configuration at the bottom.
```
# TLS settings
tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

# Forward all queries over TLS
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Cloudflare DNS over TLS
    # forward-addr: 1.1.1.1@853#cloudflare-dns.com
    # forward-addr: 1.0.0.1@853#cloudflare-dns.com
    # Quad9 DNS over TLS
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```
By default, this setup does not fall back to recursive resolution of DNS requests via the root nameservers, though you can configure it to do so if you wish.
Hope this helps, and any tweaks or suggestions are welcome!
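An added example (not from the post above and not part of Unbound) that lints a forward-zone like the one shown: it checks that a CA bundle is set, that `forward-tls-upstream` is `yes`, and that every `forward-addr` uses port 853 with a `#authname`, since a forwarder missing any of these would send or accept plain or unauthenticated DNS. The sample configuration and the minimal parser are constructed here and cover only the `server:`/`forward-zone:` subset used by the post.

```python
import re

# Constructed sample matching the post's config; the server: clause is assumed.
SAMPLE_CONF = """\
server:
    tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

forward-zone:
    name: "."
    forward-tls-upstream: yes
    # forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
"""

# ip[@port][#authname]; the '#' here is the auth name, not a comment.
ADDR_RE = re.compile(r"^(?P<ip>[0-9a-fA-F.:]+)(?:@(?P<port>\d+))?(?:#(?P<name>\S+))?$")


def parse_unbound(text):
    """Minimal parser: returns (server options, list of forward-zone dicts).
    Full-line comments are skipped; repeated forward-addr keys collect into a list."""
    server, zones, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith(":") and " " not in line:      # clause header
            current = {"forward-addr": []} if line == "forward-zone:" else None
            if current is not None:
                zones.append(current)
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        target = server if current is None else current
        if key == "forward-addr":
            target.setdefault("forward-addr", []).append(value)
        else:
            target[key] = value
    return server, zones


def lint_dot_forwarding(text):
    """Return findings; an empty list means all forwarders are TLS-only and name-verified."""
    server, zones = parse_unbound(text)
    findings = []
    if "tls-cert-bundle" not in server and "tls-system-cert" not in server:
        findings.append("no tls-cert-bundle/tls-system-cert: upstream certificates cannot be validated")
    for zone in zones:
        zname = zone.get("name", "?")
        if zone.get("forward-tls-upstream") != "yes":
            findings.append(f"zone {zname}: forward-tls-upstream is not yes")
        for addr in zone["forward-addr"]:
            m = ADDR_RE.match(addr)
            if not m:
                findings.append(f"zone {zname}: unparsable forward-addr {addr}")
                continue
            if m.group("port") != "853":
                findings.append(f"zone {zname}: {addr} is not on port 853 (plain DNS would be used)")
            if not m.group("name"):
                findings.append(f"zone {zname}: {addr} has no #authname, certificate name is not verified")
    return findings
```

Running `lint_dot_forwarding(SAMPLE_CONF)` on the post's configuration returns no findings; drop the `@853` or the `#authname` on a forwarder and it reports that line.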