Cloudflare Tunnel and Pihole DNS

I’ve been using Wireguard to allow me to access my home network and also provide ad-blocking while I’m away from home. I discovered Cloudflare Tunnels and I immediately set it up as I don’t need to open any ports this way.

Is there a way to set the DNS server to be my home network? I know I can individually set local domain fallbacks, but I’d like this to happen for every request so that Pi-Hole can perform its ad-blocking.

Thank you for any help you can provide and I hope my question makes sense.

Just wondering if anyone had any thoughts. Cheers.

I can’t include links but look up “Cloudflare warp manual-deployment”. Near the bottom there’s a section on android.

You might be able to use the app to connect your phone to your home network, then change your phones dns to the pihole.

You ever figure this out? I’ve looked all over and I don’t see a way to tell the WARP client to use a DNS server on one of the private networks. Only option is the local domain fallback, which obviously is useless for what we’re trying to accomplish.

Having the same requirement, i want all DNS requests redirect to a specific server. But this is not possible by design.

My workaround is to add all TLDs in local domain fallback list per API (one command). It’s working for now, but it’s not really a nice solution…

Hey, I want to do the same thing, I’ve seen you said in another thread that you had a script to do this? Could you send me the script? I would’ve asked you via DM, but didn’t see a way to DM you on here.


seems that DM is not possible here, didn’t knew that either.

I wrote a small PHP script to build and execute the curl command. Essentially it’s one API call with all TLDs and the respective DNS server. I documented the steps here:

As said, it’s not the best soution. But works on my tested mobile clients (Android). Of course, you also need a network policy for your DNS server IP to be reachable from your WARP clients.
Use case for enterprise is, to control and monitor DNS requests (Sophos ATP + Security Heartbeat) and DNS sinkhole (Pihole etc.).

Hope that helps!