The current documented way sucks.

It is bloated with many unnecessary instructions. If all you want to do is use cloudflared to forward your DNS requests securely to the provider of your choice, it is actually quite simple. Just add install via the repo, create the service, and enable it.

1. Install cloudflared

Go to and add the repository to your distribution following their directions. This way it updates with apt.

2. Create the service configuration

You want to create a configuration that tells the automatic service how to run. Create the file using sudo nano /etc/systemd/system/cloudflared-proxy-dns.service and paste in the following information:

Description=DNS over HTTPS (DoH) proxy client
ExecStart=/usr/local/bin/cloudflared proxy-dns --port 5053 --upstream 

after --port 5053 --upstream, paste the URL of the DNS-over-HTTPS endpoint you want to use, like

3. Enable the service

Run sudo systemctl enable --now cloudflared-proxy-dns

4. Change the DNS in PiHole

Change the DNS server in settings so that the only server is

That’s it. You don’t need extra users and permissions or another binary you will forget to update. This will auto run on system startup and update with the rest of the OS and packages.