Mar 21, 2020

Pi-hole + NextDNS

So I very recently blogged about using Pi-hole with dnscrypt-proxy. What I was aiming for was for Pi-hole to talk to dnscrypt-proxy, which in turn would talk to NextDNS (via DNS over TLS). I couldn't find a way to do this, so I instead resorted to Stubby.

Stubby

Installation was pretty simple:

  1. Install stubby via apt: sudo apt install stubby
  2. Edit the file /etc/stubby/stubby.yml
  3. Under the listen_addresses section change it to:

     listen_addresses:
       - address_data: 127.0.0.1
         port: 5353
       - address_data: 0::1
         port: 5353

  4. Change round_robin_upstreams: 1 to become round_robin_upstreams: 0
  5. Change the upstream_recursive_servers section to what is shown in your NextDNS account. This is available under the Setup tab: select Linux and then look for the Stubby section.
  6. Restart stubby: sudo systemctl restart stubby
  7. Set up/install Pi-hole
  8. In your Pi-hole instance, change your upstream DNS to 127.0.0.1#5353
  9. Test your configuration: dig @<pi-hole_ip> www.google.com (where <pi-hole_ip> is the IP address of your Pi-hole server).
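A sanity check for the listen_addresses, round_robin_upstreams and upstream_recursive_servers edits above, added here as an example and not part of the original post. The function name check_stubby_config is hypothetical, the sample config is constructed, and the tls_auth_name check relies on Stubby's standard key for pinning the upstream's TLS name.

```sh
# Line-based sanity check for the stubby.yml edits (not a full YAML parser).
# check_stubby_config FILE: exit status 0 if every check passes, 1 otherwise.
check_stubby_config() {
  awk '
    function val(   i) {                  # value after the first "key:" field
      for (i = 1; i < NF; i++) if ($i ~ /:$/) return $(i + 1)
      return ""
    }
    function fail(msg) { print "FAIL: " msg; bad = 1 }
    /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
    /^[^ \t-]/     { section = $1 }       # a key in column 0 opens a section
    /^round_robin_upstreams:/ { rr = $2 }
    section == "listen_addresses:" && /address_data:/ {
      if (pending != "") fail("listener " pending " has no port")
      pending = val(); listeners++
      if (pending !~ /^(127\.0\.0\.1|0::1|::1)$/) fail("listener " pending " is not loopback")
    }
    section == "listen_addresses:" && /port:/ {
      if (val() != "5353") fail("listener port is " val() ", expected 5353")
      pending = ""
    }
    section == "upstream_recursive_servers:" && /address_data:/  { ups++ }
    section == "upstream_recursive_servers:" && /tls_auth_name:/ { names++ }
    END {
      if (pending != "") fail("listener " pending " has no port")
      if (!listeners)    fail("no listen_addresses entries found")
      if (rr != "0")     fail("round_robin_upstreams is not 0")
      if (!ups)          fail("no upstream_recursive_servers entries found")
      if (names != ups)  fail("an upstream entry has no tls_auth_name")
      exit bad + 0
    }
  ' "$1"
}
# Constructed sample: documentation address and placeholder name, not real NextDNS values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
listen_addresses:
  - address_data: 127.0.0.1
    port: 5353
  - address_data: 0::1
    port: 5353
round_robin_upstreams: 0
upstream_recursive_servers:
  - address_data: 192.0.2.53
    tls_auth_name: "CONFIG-ID.dns.example"
EOF
check_stubby_config "$sample" && echo "sample config passes"
rm -f "$sample"
```

Run it as check_stubby_config /etc/stubby/stubby.yml before restarting stubby; a listener bound to a non-loopback address would expose the resolver to the rest of the network.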
Sean Wright
Experienced application security engineer with an origin as a software developer. Primarily focused on web-based application security with a special interest in TLS and supply chain related subjects.