Can't use VIP as DNS. pihole + keepalived

Hello. I just set up a second instance of pihole with unbound and gravity sync, and tried to make it highly available with keepalived. I am not sure if the issue is with pihole, keepalived or some interaction of the two, but I can't seem to route DNS requests through the VIP.

Both pihole instances seem to be functioning as expected on their own:
pihole01:

$ dig google.com @192.168.0.249

; <<>> DiG 9.18.27 <<>> google.com @192.168.0.249
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37686
...

pihole02:

$ dig google.com @192.168.0.247

; <<>> DiG 9.18.27 <<>> google.com @192.168.0.247
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62745
...

But when testing the VIP, it is pingable, and I can even SSH to it and access the pihole web UI with it, but I am unable to run dig:
VIP:

$ ping 192.168.0.245
PING 192.168.0.245 (192.168.0.245) 56(84) bytes of data.
64 bytes from 192.168.0.245: icmp_seq=1 ttl=64 time=0.490 ms
64 bytes from 192.168.0.245: icmp_seq=2 ttl=64 time=0.393 ms
64 bytes from 192.168.0.245: icmp_seq=3 ttl=64 time=0.469 ms

$ dig google.com @192.168.0.245
;; communications error to 192.168.0.245#53: connection refused
;; communications error to 192.168.0.245#53: connection refused
;; communications error to 192.168.0.245#53: connection refused

; <<>> DiG 9.18.27 <<>> google.com @192.168.0.245
;; global options: +cmd
;; no servers could be reached

My /etc/keepalived/keepalived.conf files on both piholes are as follows:
pihole01:

vrrp_instance VI_dns {
    state MASTER
    interface eth0
    virtual_router_id 55
    priority 150
    advert_int 1
    unicast_src_ip 192.168.0.249
    unicast_peer {
        192.168.0.247
    }

    authentication {
        auth_type PASS
        auth_pass <secret>
    }

    virtual_ipaddress {
        192.168.0.245/24
    }
}

pihole02:

vrrp_instance VI_dns {
    state BACKUP
    interface eth0
    virtual_router_id 55
    priority 100
    advert_int 1
    unicast_src_ip 192.168.0.247
    unicast_peer {
        192.168.0.249
    }

    authentication {
        auth_type PASS
        auth_pass <secret>
    }

    virtual_ipaddress {
        192.168.0.245/24
    }
}

Checking the status of the services shows no error.
I am not sure where else to look for errors, so if anyone could point me in the right direction, that would be greatly appreciated.
Thanks.
