I figured it out.
For IPv4 follow cloudflared (DoH) - Pi-hole documentation
For IPv6, follow that link with a couple of modifications. I couldn't get one instance of cloudflared to listen on IPv4 and IPv6, so I spun up another instance for IPv6:
Proceed to create a configuration file for cloudflaredv6:
sudo nano /etc/default/cloudflaredv6
Edit the configuration file by copying the following into /etc/default/cloudflaredv6. This file contains the command-line options that get passed to cloudflared on startup:
# Commandline args for cloudflared, using Cloudflare DNS
CLOUDFLARED_OPTS=--address :: --port 5053 --upstream https://[2606:4700:4700::1111]/dns-query --upstream https://[2606:4700:4700::1001]/dns-query
Then create the systemd script by copying the following into /etc/systemd/system/cloudflaredv6.service. This will control the running of the service and allow it to run on startup:
sudo nano /etc/systemd/system/cloudflaredv6.service
[Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target
[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflaredv6
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process
[Install]
WantedBy=multi-user.target
Enable the systemd service to run on startup, then start the service and check its status:
sudo systemctl enable cloudflaredv6
sudo systemctl start cloudflaredv6
sudo systemctl status cloudflaredv6
And the upstream DNS settings for your Pi-hole:
In order to test IPv4 and IPv6:
dig @127.0.0.1 google.com A
dig @127.0.0.1 google.com AAAA
dig @::1 google.com A
dig @::1 google.com AAAA
In your router settings, if you can set the IPv6 address for your DNS server, run ifconfig | grep fe80. The IPv6 address block your ISP hands you may change, but this address is local to your network and should never change.
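
Added example, not part of the original post: `--address ::` is the IPv6 wildcard address, so the second cloudflared instance listens on every interface rather than only on loopback. The Python below classifies what is bound to port 5053 from `ss -H -lntu` output; the sample lines are constructed, and the function names are this example's own.

```python
import ipaddress
import subprocess

PORT = 5053  # port used by both cloudflared instances in the post

# Constructed sample of `ss -H -lntu` output (not captured from a real host).
SAMPLE = """\
udp   UNCONN 0      0          127.0.0.1:5053      0.0.0.0:*
udp   UNCONN 0      0                  *:5053            *:*
tcp   LISTEN 0      4096       127.0.0.1:5053      0.0.0.0:*
tcp   LISTEN 0      4096            [::]:5053         [::]:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
udp   UNCONN 0      0      [fe80::1]%eth0:5053        [::]:*
"""

def classify(host):
    """Return 'loopback', 'wildcard' or 'specific' for an ss local address."""
    if host == "*":                            # dual-stack wildcard as printed by ss
        return "wildcard"
    host = host.split("%")[0].strip("[]")      # drop interface suffix and brackets
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"
    if addr.is_unspecified:                    # 0.0.0.0 or ::
        return "wildcard"
    return "specific"

def listeners(ss_output, port=PORT):
    """Return (proto, local_address, scope) for every socket bound to `port`."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        host, _, p = fields[4].rpartition(":")  # port follows the last colon
        if p == str(port):
            found.append((fields[0], host, classify(host)))
    return found

def reachable_off_host(ss_output, port=PORT):
    """Listeners that accept traffic from other machines, not just loopback."""
    return [l for l in listeners(ss_output, port) if l[2] != "loopback"]

if __name__ == "__main__":
    out = subprocess.run(["ss", "-H", "-lntu"], capture_output=True, text=True).stdout
    for proto, host, scope in listeners(out):
        print(f"{proto:4} {host:>20}:{PORT}  {scope}")
```

Any `wildcard` or `specific` entry on port 5053 means the DoH proxy is answering queries from the LAN directly, bypassing Pi-hole's filtering; a host firewall rule for that port or a loopback-only listen address closes that path.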