How to configure Tailscale with Pi-Hole

3 minute read


Recently, I setup a Raspberry Pi 4 (rpi) with Pi-hole so that I wouldn’t get bombarded with banner ads while I surfed the web. It works great, but only if I’m at the house using my Wifi.

Pi-hole dashboard
Pi-hole admin dashboard

Now that the pandemic is nearly over and we can go and mingle outside, I want to be able to leave the house, yet not see any ads.

The simplest/old way of doing this is to create a VPN connection back to the rpi and then going about my business. I thought about setting up Wireguard on the Raspberry Pi but kept running into issues when setting up client keys.. The main issue probably being my own stupidity.

Then I remembered some tweets from people I follow mentioning Tailscale and how it provided them with a no hassle private network, so I thought I’d try it out. It’s been 24 hours and things are working great, so I decided to share this blog post.


Be able to access/use the Pi-hole server at home, when I’m out and about on someone else’s wifi, or using my mobile data plan.


  1. An account at Tailscale
  2. Tailscale client on your phone
  3. Tailscale client on your Raspberry Pi
  4. Pihole-FTL (DNS server) running/accessible to all active clients within your Tailscale organization.

Signing up and getting a client up and running on your mobile device is very simple, so I’m not going to get into it here.

Install Tailscale on the Raspberry Pi

I am assuming you have installed Raspian, or Raspian Lite on your Pi, and not some other flavor of Linux.

Start with the simple instructions on how to install Tailscale on a Pi .

Once the client is running on the Pi, go to your Tailscale dashboard and verify that all your clients are showing up properly.

tailscale machine list
Tailscale Machine List

Verify connectivity from one client to the other with a simple ping.

Tailscale ping
Tailscale Machine Ping

Reconfigure Pi-hole

Login to the Pi-hole admin interface, go to Settings -> DNS and make sure that interface listening behavior is set to Listen on all interfaces, permit all origins.

Pihole DNS Setting
Make sure the permit all origins is turned on.

Verify Admin Inteface is accessible via Tailscale IP

Pihole Admin
Notice the ip address is one that Tailscale assigned the rpi

You should also make sure that you can connect to port 53 of the Tailscale IP.

nc -v -z 53                                                ◉ ◼◼◼◼◻◻◻◻◻◻
Connection to port 53 [tcp/domain] succeeded!
 ~ ⮀

Configure Tailscale to use this rpi as the DNS server for all clients.

Now tell Tailscale to use this ip address as the Nameserver for all clients.

Tailscale DNS
Make sure the ‘override localdns’ option is set.

And you’re all set!.