I have an asus router with a pi-hole on the network.

I was doing some work on my server and noticed that when pi-hole was down, I couldn’t access the internet. I was looking for some ideas online how to deal with this, but they said to have a second pihole on the network in case one is offline. Is that the only way to do it? Is there any way to have the network go back to normal if the pihole is offline?

  • Bizarroland@kbin.social
    link
    fedilink
    arrow-up
    1
    arrow-down
    6
    ·
    10 months ago

    Yeah, looks like you don’t know what you’re talking about.

    The second ipv4 DNS address is for redundancy and every network connected system will use the first one as long as it responds.

    It’s perfectly fine to have a single pihole and use something like quad9 as a failover in the unlikely event that your pihole goes down unexpectedly.

    • Encrypt-Keeper@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      10 months ago

      Actually they do know what they’re talking about. Configuring DHCP with multiple DNS servers isn’t for failover, it’s for redundancy. The result is ultimately operating system dependent, but modern Windows operating systems will query all configured DNS servers in parallel and will accept the first answer it receives. So if you configure your Pihole as one DNS server and a public DNS server as a second, a lot of your traffic will just bypass your Pihole ad filtering entirely.

      • Bizarroland@kbin.social
        link
        fedilink
        arrow-up
        1
        arrow-down
        4
        ·
        10 months ago

        Proof?

        I read 15 different sites about DNS and not a one of them claimed anything like this. They universally all stated that your network attached devices would use the 1st one unless it didn’t respond and only use the 2nd one if the 1st one did not.

        So once again, I ask “Can you send me some more information on this” and not just claim it without any backup information?

        I apologize if I am coming off rude, just my BS meter is getting close to the red zone and I would really appreciate some reliable evidence.

        • Encrypt-Keeper@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          10 months ago

          The best proof would be to just try it yourself and see what happens. Load up Wireshark, make a query, and look at your traffic. Because the problem is there isn’t a single technical article I can point you to that details exactly how DNS resolution works on every device running any given operating system. “Network attached devices” could be anything and so you can’t be certain exactly how each device will operate.

          I’ll give you that in the case of Windows devices specifically, Microsoft isn’t good at keeping documentation up to date, and on older version of windows it used to work the way you describe. It would send the request to your first DNS server, wait one second for a response, and only if it didn’t get one would it move on to your next one. However in Windows 10 today if I edit my configuration so that I use a local DNS server located at 192.168.69.210 as my “Preferred” DNS server and 1.1.1.1 as my “Alternate” DNS server look what happens:

          It sends the same request out to both without waiting and the response from Cloudflare actually comes in before the one from my local DNS server. So if this were a request for a blocked domain, the client would accept the response from Cloudflare because it was received first and so the request wouldn’t be blocked.

        • B0rax@feddit.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          10 months ago

          If what you said was true, my secondary Pi-hole wouldn’t have to respond to any queries. But it in fact gets quite a lot of them. As the other poster has said, it is about 80/20 for 1st and 2nd pihole. Sometimes the ratios are different, depending on the time of day (don’t ask me why….).

    • Andi@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      Run two and check the logs. You’ll see about 20% of your requests will log on the second instance. So currently, that’s 20% of your DNS requests not being filtered.

      You’ll also find some devices just latch on the the second and never use the first - again, in your scenario, these are not being filtered.

      • BarbecueCowboy@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        10 months ago

        I can back this up with experience.

        I’m actively running two piholes for years now. About 2/3rds of my traffic does go to the primary and some seem to ‘lock on’ to using just one, but most devices will swap between the two at their leisure.