abandoning Pi-Hole for cloudflared
I've been using Pi-Hole for a while and it just caused too many problems. Many shopping carts across the web would just fail. I need to run google ad campaigns and you can't get to the admin UI. Therefore I decided to move dns resolving back to my ER-X and instead use cloudflared to resolve DNS queries so CenturyLink has a harder time selling my browsing history.
I found a great post on how to do this at: https://reichley.tech/dns-over-https-edgerouter-x/ but it doesn't cover the v2 series of EdgeOS based on Debian 9. These are my quick notes on changes to their directions.
When you install a new update of EdgeOS, it overwrites all the default partitions such as /usr. Therefore I decided to store my files in
/config/user-data which is an area that persists between system updates.
On machine used to upload:
scp cloudflared user@erx:/config/user-data/cloudflared
I also decided to store a copy of config.yml in this directory before copying it over to
/etc/cloudflared/config.yml. That way after an upgrade I have less work to do.
EdgeOS v2 uses systemd instead of init.d for startup.
sudo cp /config/user-data/cloudflared/config.yml /etc/cloudflared/yml
/config/user-data/cloudflared/cloudflared service install
sudo vi /etc/systemd/system/multi-user.target.wants/cloudflared.service
Modify line to include pid info (not sure if we need this with systemd)
ExecStart=/config/user-data/cloudflared/cloudflared --config /etc/cloudflared/config.yml --origincert /etc/cloudflared/cert.pem --pidfile /var/run/$name.pid --no-autoupdate
sudo systemctl enable cloudflared.service
sudo systemctl start cloudflared.service
systemctl status cloudflared.service
Also /usr/sbin wasn't in my path, so I had to call tcpdump directly.
/usr/sbin/tcpdump -nXi eth0 port 443 and dst host 18.104.22.168
After an upgrade I should only need to do re-run a few of the steps above.
- Previous: Satellite Fun
- Next: I cut it twice and it’s still too short!