Enter multiple custom DNS-servers?

The issue I am facing:

Hello all,

Does it actually make sense to use four different custom DNS servers? I thought, if one fails, then three others are available. Or is it better to choose two servers and get IPv4 and IPv6 from both?

Thank you!

My DNS-Server

FFMUC (https://ffmuc.net/wiki/doku.php?id=knb:dns)
5.1.66.255
dismail (https://dismail.de/info.html#dns)
80.241.218.68
dnsforge (https://dnsforge.de/)
2a01:4f8:151:34aa::198
BlahDNS (https://blahdns.com/)
2a01:4f8:c17:ec67::1

Details about my system:
FritzBox 7590

DietPi v7.5.2
Device model : RPi B (armv6l)
CPU temp : 53'C : 127'F (Running warm, but safe)

You don't need any IPv6 DNS servers unless you run an IPv6-only network. An IPv4 DNS server can resolve all the DNS queries that an IPv6 server can resolve.

The way this works is that pihole-FTL chooses the best performer (which may not be predicated on a failure). It's generally a good idea to have more than one upstream server specified, in case one fails and that's the only one you are using.

https://docs.pi-hole.net/ftldns/dns-resolver/

And, even though we provide only four slots in the web GUI for custom upstream servers, you can manually edit file /etc/pihole/setupVars.conf and add as many as you like.


Thanks for your help @jfb

Have assigned IPv4 addresses to the devices in my network, although I have also enabled IPv6 in the FritzBox. So, I can kick the IPv6 DNS servers?

By the way, I'm thinking of trying Unbound for the first time. Does this change anything for me then?

Do I then also enter only the IPv4 servers here?

forward-zone:
  name: "."
  # definitely censor free & log free with DNSSEC Support:
  forward-addr: 5.1.66.255   # Freifunk München

I have now installed Unbound directly from DietPi. There I adjusted my IP range in the config again and entered the IP of Unbound (127.0.0.1#5335) into my Pi-hole Custom #1.

This means that I no longer need to enter the DNS servers I mentioned above?
I continue to enter the block lists regularly via PiHole?
What should be displayed under dns-leak.com now? The IP of my RaspberryPi? Actually it's my provider (Telekom).

Thanks

No. Unbound will equally work on IPv4 only.

Correct. Your local instance of unbound is now your upstream DNS resolver.

Yes. The blocking occurs in Pi-hole. Only those domains that are not blocked are forwarded to unbound for resolution.

Since unbound is running at your IP (it is on your LAN), the IP typically shows as your WAN IP or the IP of your ISP.

This will be fine.


Thank you, I will now assume that I have set everything correctly.

root@DietPi:~# dig pi-hole.net @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Raspbian <<>> pi-hole.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42792
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pi-hole.net.                   IN      A

;; ANSWER SECTION:
pi-hole.net.            0       IN      A       3.18.136.52

;; Query time: 2 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Do Sep 09 14:46:33 CEST 2021
;; MSG SIZE  rcvd: 56

That appears to be the case.
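
An added example, not part of the original thread: a shell function that reads `dig` output and confirms the reply is NOERROR, carries an answer, and came from the expected resolver (here the unbound instance at 127.0.0.1#5335), while also reporting the `ad` flag. The function names `check_dig_reply` and `sample_reply` are made up for this example; the embedded sample is an excerpt of the dig output posted above.

```shell
#!/bin/sh
# Added example. Usage: check_dig_reply EXPECTED_SERVER < dig-output
# Prints "status=... ad=yes|no answers=N server=..." and returns 0 only when
# the reply is NOERROR, has at least one answer, and came from EXPECTED_SERVER.
check_dig_reply() {
    awk -v expected="$1" '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            line = $0; sub(/^;; flags: */, "", line)
            flags = line; sub(/;.*/, "", flags)
            # "ad" set: the resolver reports the answer as DNSSEC-validated
            ad = ((" " flags " ") ~ / ad /) ? "yes" : "no"
            if (match(line, /ANSWER: [0-9]+/))
                answers = substr(line, RSTART + 8, RLENGTH - 8) + 0
        }
        # Keep "ip#port" and drop the trailing "(ip)" part
        /^;; SERVER:/ { server = $3; sub(/\(.*/, "", server) }
        END {
            printf "status=%s ad=%s answers=%d server=%s\n", status, ad, answers, server
            exit !(status == "NOERROR" && answers > 0 && server == expected)
        }'
}

# Excerpt of the dig reply posted in the thread (header, flags, answer, server).
sample_reply() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42792
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
pi-hole.net.            0       IN      A       3.18.136.52
;; SERVER: 127.0.0.1#5335(127.0.0.1)
EOF
}

sample_reply | check_dig_reply '127.0.0.1#5335'
```

On the Pi itself, the live check would be `dig pi-hole.net @127.0.0.1 -p 5335 | check_dig_reply '127.0.0.1#5335'`. An `ad=no` result for a domain that is not DNSSEC-signed is expected and does not make the function fail.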
