CNAME, running two Pi-Holes together


#1

My upstream server is a second pihole (V4.0), of course with another IP, whose next upstream is 1.1.1.1, so I control my first Pihole with a second Pihole, and of course in the second one this domain is in gravity as well; I deleted it from the blacklist on both this afternoon.
I assume you are specialists on this, I am just a #ham like you seem to be (best 73 :slight_smile: )
I don't know exactly what CNAME is meant to do. What I wonder about in my big list of the log: once it's blocked, and before and after it's not blocked. It is not a guarantee, if the domain is in the blacklist, that it's blocked, in this case anyway.


#2

A CNAME is a canonical name (essentially an alias) for a web address. If you have a blocked domain (cat.com), and you ask for cat.com, Pi-Hole will find this in the block lists and will return whatever you have specified in your blocking mode (typically NULL or 0.0.0.0).

Let’s assume there is another domain (feline.com), and you request it and it’s not in a block list. If feline.com leads through a CNAME to cat.com, then cat.com won’t be blocked by Pi-Hole. Pi-Hole only checked at the beginning of the request to see if feline.com is blocked. It was not, so Pi-Hole sends a request for feline.com to the upstream DNS server. The DNS server looks for feline.com, finds that it is a CNAME for cat.com, then gets the address for cat.com and returns it to the Pi-Hole.

Here is an example. The final domain is nothing like the original domain, but even if the final domain is on a block list, its IP will still be returned to Pi-Hole and not blocked.

dig www.walmart.com

;; ANSWER SECTION:
www.walmart.com.	4	IN	CNAME	www.walmart.com.edgekey.net.
www.walmart.com.edgekey.net. 9326 IN	CNAME	e4373.x.akamaiedge.net.
e4373.x.akamaiedge.net.	5	IN	A	23.4.14.100
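To make the point of this reply concrete, here is an added illustration (not Pi-hole's own code): it walks a CNAME chain the way a resolver answer presents it and compares a lookup that checks only the queried name against one that checks every name the chain passes through. The answer records and the blocklist are constructed sample data; the domain names feline.com and cat.com are taken from the reply above, the intermediate cdn.cat.com is assumed.

```python
"""
Walk a CNAME chain and check every name in it against a blocklist.

Added illustration, not Pi-hole's code. Models the reply's point: a
blocklist lookup on the queried name alone misses an alias that ends
at a blocked domain, while checking each name the answer traverses
catches it.
"""

# Constructed records in the shape of a dig ANSWER SECTION:
# (owner, ttl, class, type, rdata). cdn.cat.com is an assumed hop.
SAMPLE_ANSWER = [
    ("feline.com.", 300, "IN", "CNAME", "cdn.cat.com."),
    ("cdn.cat.com.", 60, "IN", "CNAME", "cat.com."),
    ("cat.com.", 5, "IN", "A", "203.0.113.10"),
]

# Constructed blocklist: only the final domain is listed.
BLOCKLIST = {"cat.com"}


def normalize(name):
    """Strip the trailing dot and lowercase, so 'Cat.com.' == 'cat.com'."""
    return name.rstrip(".").lower()


def cname_chain(answer, qname):
    """Follow CNAME records from qname.

    Returns (names visited in order, address rdata of the final name).
    A loop guard stops if a CNAME points back into the chain.
    """
    cnames = {normalize(o): normalize(r) for o, _, _, t, r in answer if t == "CNAME"}
    addresses = {}
    for owner, _, _, rtype, rdata in answer:
        if rtype in ("A", "AAAA"):
            addresses.setdefault(normalize(owner), []).append(rdata)
    chain = [normalize(qname)]
    seen = set(chain)
    while chain[-1] in cnames:
        nxt = cnames[chain[-1]]
        if nxt in seen:
            break
        chain.append(nxt)
        seen.add(nxt)
    return chain, addresses.get(chain[-1], [])


def is_blocked(name, blocklist):
    """True if the name or any parent domain is listed (cdn.cat.com matches cat.com)."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def resolve_naive(answer, qname, blocklist):
    """Check only the queried name, as the reply describes: the alias slips through."""
    if is_blocked(qname, blocklist):
        return {"blocked": True, "matched": normalize(qname), "addresses": []}
    _, addrs = cname_chain(answer, qname)
    return {"blocked": False, "matched": None, "addresses": addrs}


def resolve_deep(answer, qname, blocklist):
    """Check every name in the CNAME chain and block on the first hit."""
    chain, addrs = cname_chain(answer, qname)
    for name in chain:
        if is_blocked(name, blocklist):
            return {"blocked": True, "matched": name, "addresses": []}
    return {"blocked": False, "matched": None, "addresses": addrs}


if __name__ == "__main__":
    for label, fn in (("naive", resolve_naive), ("deep", resolve_deep)):
        print(label, fn(SAMPLE_ANSWER, "feline.com", BLOCKLIST))
```

Run as-is, the naive lookup hands back 203.0.113.10 for feline.com even though cat.com is listed, while the deep lookup blocks it at cdn.cat.com; querying cat.com directly is blocked by both. Checking every name in the chain is the mitigation this reply is pointing at.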

#3

Thanks for the reply jfb, and your explanation about CNAME!
The second pihole is just fun jfb, testing, and it's a kind of a backup if I ruin one :slight_smile:


#4

I would run them in parallel and avoid cascading errors that way.


#5

What do you mean, msatter? The other pihole as secondary DNS?


#6

Run the two Pi-Holes in parallel, not series. Configure them the same. Pi1 has IP1, Pi2 has IP2.

Then tell your router to use IP1 and IP2 for DNS.

Each Pi-Hole uses external DNS servers for upstream, and neither uses the other. This way, if either Pi-Hole fails or stops responding, the clients will shift to the other.


#7

My router is my DHCP, meaning my ADSL modem/router/gateway, a Fritzbox 7360 with FritzOS 06.30.
So I don't understand what to do in my router for the DNS settings, it's not clear to me, I am sorry.
If I use primary DNS 192.168.178.25, the first pihole, and secondary DNS 192.168.178.44 as the second pihole, and point the first Pi to Cloudflare and the second to Google?


#8

That would do it.


#9

Done immediately, thanks jfb for the fast reply, you will hear from me later what the results are; it's just before midnight here, tomorrow new logfiles :slight_smile:


#12

It has run in parallel for almost 2 days now, I don't see any difference in the pihole.log, sometimes it is blocked, and sometimes not.
And dig the domain:


There is no CNAME.
I get confused... :wink:


#13

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.