Access a Pi-hole from anywhere
One common use of a Raspberry Pi is to run a Pi-hole, a DNS-based ad blocking services. A typical setup is to have a Raspberry Pi in your house running Pi-hole, acting as the DNS server for your local Wi-Fi network.
This works great when you’re at home. However, it only works when you’re at home. If you want to use your Pi-hole to block ads from anywhere, you need to be able to connect to your Pi-hole from anywhere.
The most obvious way to do this is to run a Pi-hole in the cloud.
Without a lot of precautions, this is a bad idea: Unscrupulous actors can use your Pi-hole to attack other parts of the internet.
You also have to pay for and trust a cloud server. Part of the charm of the Pi-hole is that it is cheap and easy to buy your own Raspberry Pi, set it up, put it on a shelf, and forget about it.
Tailscale lets you easily and securely connect all of your devices. It lets you pick a DNS server to use. And that’s all you need!
You don’t need to pay for Tailscale—this is possible on the Free plan!
SSH into the Raspberry Pi, and install Tailscale with a single command:
curl -fsSL https://tailscale.com/install.sh | sh
Alternatively, we provide manual installation instructions for Raspberry Pi.
tailscale up, you’ll need to pass the
Pi-Hole uses DNS servers configured within Linux as its upstream servers, where
it will send DNS queries that it cannot answer on its own. Since we’re going to
make the Pi-Hole be our DNS server, we don’t want Pi-Hole trying to use
itself as its own upstream.
tailscale up --accept-dns=false
Once installed, and you’ve run
tailscale up --accept-dns=false on your Raspberry Pi, continue on.
We have easy installation instructions for any platform:
Since we want our network-wide DNS to override any local DNS settings that devices have, make sure you enable the Override local DNS toggle after adding your Raspberry Pi’s Tailscale IP address.
Tailscale occasionally requires you to re-authenticate your machines, to keep your network secure. To avoid DNS interruptions when that happens, visit the Machines page of the admin console to disable key expiry on your Raspberry Pi.
That’s it! Now whenever you are logged in to Tailscale, that device will automatically use your Pi-hole for DNS.
If your Pi-hole is blocking something you need access to, you can temporarily bypass it by disconnecting from Tailscale, and reconnecting to your tailnet when you are ready.
Once you are set up with Tailscale, you might want to explore other possibilities, like using Taildrop to send files from one of your devices to another, or making your own privacy VPN by using your Raspberry Pi as an exit node.
You can share your Pi-Hole with friends using Tailscale. Follow our how-to guide on sharing nodes with other users. Once you’ve shared your Pi-Hole and your friends have accepted the invitation, they can follow Step 3 from this guide to add it as a DNS server in their network too.
In the Pi-hole Admin page in Settings > DNS, make sure that Listen on all interfaces, permit all origins is selected.
Tailscale traffic comes in on the tailscale0 network interface, so this option is needed to allow your Pi-Hole to respond to Tailscale-based DNS traffic. When using this option, make sure your Pi-Hole is properly firewalled.