How to Enable DNS over TLS on pfSense with Cloudflare

Conventional DNS is unencrypted, which is a concern once the traffic leaves your home network: anyone on the path can read, and potentially intercept, your DNS queries. The fix is encrypted DNS, either DNS over TLS (DoT) or DNS over HTTPS (DoH). Unfortunately, not every device supports DoT or DoH yet, and configuring it per device is a pain. Luckily, pfSense can act as a DoT forwarding resolver: it accepts the unencrypted DNS queries from your LAN and forwards them to the upstream provider over TLS, while also speeding up DNS by caching results locally and, optionally, serving DNS for internal services.

Fortunately, this is quick and easy to set up, and this guide walks you through it. In this example I use Cloudflare as my upstream DNS forwarder, as they are the fastest in my area, but you can use any DNS provider that supports DNS over TLS; just substitute that provider's hostname and server address.
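To make concrete what "forwarding over TLS" means on the wire, here is a small DoT client, added as an example (it is not code from the original post or from pfSense). It builds a DNS query, frames it with the two-byte length prefix that DNS over TCP and TLS require, sends it to the upstream resolver on TCP port 853 inside a TLS session, and parses the answer. The Cloudflare address and the certificate hostname used below are assumptions for illustration; substitute your provider's values. The point worth checking when you set this up is that the TLS session verifies the provider's certificate against the hostname (as `ssl.create_default_context()` does): without that, an on-path party could still impersonate the resolver, and the encryption would protect you against eavesdropping only, not interception. Note also that only the hop from pfSense to the upstream resolver is encrypted; traffic between your LAN clients and pfSense remains plaintext DNS.

```python
import os
import socket
import ssl
import struct

# Assumed values for illustration: Cloudflare's public DoT endpoint.
# Replace with your own provider's address and certificate hostname.
DOT_SERVER = "1.1.1.1"
DOT_HOSTNAME = "cloudflare-dns.com"
DOT_PORT = 853  # IANA-registered port for DNS over TLS


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query (header + one question) in wire format.

    qtype 1 is an A record; the RD (recursion desired) flag is set so the
    upstream resolver performs the lookup for us.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(struct.pack("B", len(l)) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def frame(msg: bytes) -> bytes:
    """DNS over TCP/TLS prefixes each message with its 16-bit big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def parse_a_records(msg: bytes):
    """Return ([IPv4 addresses], rcode) from a DNS response, handling name compression."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12

    def skip_name(o: int) -> int:
        while True:
            length = msg[o]
            if length & 0xC0 == 0xC0:   # compression pointer: two bytes, then done
                return o + 2
            if length == 0:             # root label terminates the name
                return o + 1
            o += 1 + length

    for _ in range(qd):                 # skip the echoed question section
        off = skip_name(off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs, flags & 0x000F


def recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed the connection early")
        buf += chunk
    return buf


def query_over_tls(name: str, server=DOT_SERVER, hostname=DOT_HOSTNAME,
                   port=DOT_PORT, timeout=5.0):
    """Resolve `name` (A records) over DNS-over-TLS with certificate and hostname verification."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True by default
    with socket.create_connection((server, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            tls.sendall(frame(build_query(name)))
            (length,) = struct.unpack("!H", recv_exact(tls, 2))
            response = recv_exact(tls, length)
    return parse_a_records(response)


# Constructed sample response (not captured from any real server): answers the
# query built above for example.com with one A record, 93.184.216.34, TTL 3600.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"   # header: response, NOERROR, 1 question, 1 answer
    b"\x07example\x03com\x00\x00\x01\x00\x01"             # question: example.com A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04"   # answer: name ptr, A, IN, TTL 3600, rdlen 4
    b"\x5d\xb8\xd8\x22"                                   # rdata 93.184.216.34
)

if __name__ == "__main__":
    print("offline parse:", parse_a_records(SAMPLE_RESPONSE))
    if os.environ.get("DOT_LIVE"):   # set DOT_LIVE=1 to query the real upstream
        print("live DoT lookup:", query_over_tls("example.com"))
```

Run it as-is to see the offline parse; set `DOT_LIVE=1` to perform a real lookup against the upstream over port 853. A quick sanity check after enabling DoT on pfSense is to capture WAN traffic and confirm the firewall's outbound DNS goes to port 853 rather than 53.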