Welcome to the Pi-hole community, scottharman.
Your debug log shows your Pi-hole has been successfully introduced into your network, with full IPv4 and IPv6 connectivty.
It is also positively receiving, processing, blocking and forwarding DNS queries, so your network seems to be configured to make good use of Pi-hole.
There a few configuration options that need attention and maybe additional tweaking, however.
Verify your Upstream DNS server for Pi-hole (click for more)
You seem to aim at using your local cloudflared client as Pi-hole’s upstream DNS:
Yet Pi-hole is forwarding to these servers instead:
It would seem that you have manually edited your
Pi-hole is creating that file during installation, to keep track of your choices, and to reflect on them during updates, but it is not meant for manual editing.
Don’t be fooled by Pi-hole’s UI to reflect your changes.
The following command is recommended to correctly and cohesively apply any settings:
and choose reconfigure.
Consider a different name for your local network.
.local is the default name used by the mDNS protocol as implemented by Apple’s Bonjour or Linux’ avahi software.
In case you have special use devices on your network (like a network printer, Time Capsule or AppleTV), this may potentially interfere with services these devices offer via mDNS.
If you are using your router as DHCP server, use of a ULA address is recommended, but you do not seem to use one. (click for more)
Your debug log shows no signs of a ULA address (
fd00:/8) so far:
There are three types of IPv6 address ranges that are relevant for you here (click for more)
While there is indeed much more to IPv6 addresses, we focus on the following for your network configuration:
||private network, same local segment only
||private network, potentially all local segments
||all networks - public Internet and private network
Global IPv6 addresses (
2000::/3) are commonly generated via IPv6 privacy extensions, making them temporary addresses that are valid only for a limited period (commonly 24 hours).
This translates in your Pi-hole being unreachable via its global address once that expires.
Luckily, your Pi-hole has a link-local address (
fe80::/10) as well.
This is possibly fine if you use a flat network at home, with all devices connected to the same segment (i.e. directly to your router by LAN or WiFi).
If you employ additional routing hardware like L3 switches, APs or other routers, devices that are join your network through them won’t be able to contact Pi-hole via its link-local address.
And that is where a ULA address comes in handy - it is stable (where your global IPv6 may change) and it is visible in all your home network segments (where link-local is restricted to exactly one).
If Pi-hole is set as DHCP server, the need to have a ULA address is diminished, as Pi-hole always announces its global IPv6 address automatically.
However, as you are not using your router as upstream DNS server, I don’t see anything that would suggest a DNS loop, unless your cloudfared would somehow send its queries to Pi-hole, or your router (while your router would use Pi-hole as upstream DNS server at the same time).
The latter would also apply to Conditional Forwarding, so make sure your router just uses DHCP to distribute Pi-hole as local DNS server.