External DNS forwarding query imbalance

hi all

i was going to post under help but I don't think this is necessarily a bug.

Also, i have genuinely searched for this topic but found nothing.

So, if the query answered stats are accurate, I'm getting an approx 11%:47% split of queries answered by the 2 external DNS servers I've configured for pihole.

This seems like an imbalance.

How does pihole handle external lookups then?

Does it query with both servers each time or what?

Or does it check which one seems to respond most quickly and preference that?

Or does it alternate between the different servers?

Thanks for any info provided.

Regards,

Gary

As explained in the V4 documentation referenced below, "We keep using the fastest responding server now for 1000 queries or 10 minutes (whatever happens earlier) "

There is a detection algorithm in FTLDNS, and it favors DNS requests to the upstream server that is performing the best. Upstream DNS server performance is highly dependent on your location and the location of the DNS servers, including the path between you and them.

If you only have one upstream server selected, there is no choice but to use that one. If there are options, the best performer will rise to the top.

Note this is not Pi-Hole showing favoritism to any specific DNS server - the algorithm is blind in that it only knows the relative performance of the upstream servers that you have chosen, and favors the best performer.

I have tried almost all of the upstream DNS servers at one time or another, including all of them at once on a Pi-Hole. For my location, Cloudflare has consistently been the fastest, so that's what I use on that particular Pi-Hole.

https://docs.pi-hole.net/ftldns/dns-resolver

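An added model (not Pi-hole's or dnsmasq's code) of the selection rule quoted in the reply above, to show why two upstreams end up with an uneven split rather than 50/50: every configured server is raced when a window opens, and the winner keeps every query until the window closes after 1000 queries or 10 minutes. The server names, latency distributions and query rate are constructed.

```python
import random
from dataclasses import dataclass

# Window limits taken from the documentation quote in the thread:
# the fastest responder is kept for 1000 queries or 10 minutes, whichever first.
WINDOW_QUERIES = 1000
WINDOW_SECONDS = 600


@dataclass
class Upstream:
    name: str
    mean_ms: float    # constructed typical round-trip time to this server
    jitter_ms: float  # constructed spread; real RTT varies with path and load
    answered: int = 0

    def latency(self, rng):
        return max(1.0, rng.gauss(self.mean_ms, self.jitter_ms))


def simulate(upstreams, total_queries, rate_qps, seed=1):
    """Model of the selection rule: race all upstreams when a window opens,
    then send every query to the winner until the window closes.
    Returns (answers per server, number of races held)."""
    rng = random.Random(seed)
    clock, window_start, window_count, races = 0.0, 0.0, 0, 0
    current = None
    for _ in range(total_queries):
        if (current is None or window_count >= WINDOW_QUERIES
                or clock - window_start >= WINDOW_SECONDS):
            # fastest server of this race serves the whole new window
            current = min(upstreams, key=lambda u: u.latency(rng))
            window_start, window_count, races = clock, 0, races + 1
        current.answered += 1
        window_count += 1
        clock += 1.0 / rate_qps  # constructed arrival: one query every 1/rate s
    return {u.name: u.answered for u in upstreams}, races


def run_example(total_queries=100_000, rate_qps=10.0, seed=1):
    # Constructed servers: "fast" is usually quicker, but "slow" occasionally
    # wins a race and then owns a whole window, so the split is not 50/50.
    servers = [Upstream("fast", 20.0, 5.0), Upstream("slow", 30.0, 15.0)]
    return simulate(servers, total_queries, rate_qps, seed)


if __name__ == "__main__":
    counts, races = run_example()
    print(races, "races;", counts)
```

At a low query rate the 10-minute clock closes windows before the 1000-query counter does, which is why a lightly used Pi-hole re-races its upstreams far more often per query than a busy one.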

oh!

Well the cloudflare one was my first custom one (but now is one of the pre-configured ones).

The one which seems to be answering most queries was the second custom slot.

It now occupies "custom 1" slot.

So, does this mean "custom 1" is considered the primary lookup server?

I kinda thought that if you used one of the preconfigured lookup servers (e.g. google, OpenDNS), that's taken ahead of the custom list.

Also, I've selected the primary cloudflare server (not the second one).

I'm surprised there's no load balancing.

Thanks for the reply btw.

Regards,

Gary

The order of listing your upstream DNS servers in Pi-Hole has no bearing on how Pi-Hole decides which to use.

This is not the way it works in Pi-Hole.

hi JFB

Thanks very much for this!

This makes perfect sense. I'd already reflected on potential performance metrics and distance to server & loading + presumably the ability to actually return the lookup must 'shape' how its performance is regarded.

I didn't think that pihole showed any favouritism beyond the best performing server. I just wondered on how it calculated this and how it load balanced.

I'm sorry that I missed the info in the documentation. I did honestly look for an answer before posting.

I used a DNS benchmarking utility I found (to select a high performing server) and also recently read about Cloudflare's cached retrieval performance, so thought I'd try them.

Seems like my custom one performs pretty well (maybe because it's not got the profile of cloudflare).

Cheers,

Gary

I'm a fan of unbound. The two Pi-Holes that serve most of my network use this as the upstream server. Avoids using any of the third party DNS servers.

But, as a test starting today, I'll take the Pi-Hole that I test with (serves this computer and one other) and put it on all the commercial DNS providers and see where the balance shakes out. Interesting experiment.

I'd be interested to see how my ISP's DNS server stacks up. After I figure out which of the third parties is fastest where I live, I'll put that head to head against the ISP DNS.

p.s. easy to miss something in the documentation, particularly if it's not a feature that catches your eye.

Had to look up unbound. Why do you like it? Just because of, in theory, its agnostic alignment?

What a super idea to test all the servers! I didn't realise I could select all of them. I guess I just picked the ones I thought perform best or perhaps were ethically good (e.g. OpenDNS).

Btw, if anyone is interested, I've been doing my DNS benchmarking using "dns benchmark" (free tool from GRC, of shields up fame).

It also might be beneficial to do what it suggests and compile a list of DNS servers relevant for your location (to then test). I think it has a global list and then takes the top 50 or something. Test took about 30 mins to compile the shortlist.

normal tests probably take 3-4 mins.

Finally, yeah, documentation needs to be read in the first place :smiley: I did have a quick look at the changelog but didn't peruse the main body of info (didn't actually realise it was there).

Cheers,

Gaz

How do you select your DNS then?

I can't see why resolution speed (door to door) isn't paramount; a nameserver's core function is to resolve, surely?

Regards

That didn't last long. I selected all of the primary DNS providers, flushed the logs, restarted pihole-FTL and then went out and started loading websites I don't normally visit (primarily news links) so nothing would come out of cache.

This was the selection of DNS servers:


And this was quickly the result. In my area, Cloudflare quickly rose to the top.


unbound does the resolving from my Pi, within my own network, with no involvement of any upstream DNS providers. Nothing being logged, no potential commercial interests to do whatever with my DNS query history. Plus, surfing a regular selection of sites, much of what I am looking for is in cache and it's quite fast.

Now, when I narrow the field to Cloudflare (first round winner), and my local ISP DNS, the ISP DNS got all the action, which is not surprising given that they are but one hop away (and a short hop at that).

To keep things fair, I cleared DNS caches from my computer, cleared caches from my browser, cleared logs in Pi-Hole and restarted pihole-FTL prior to test start.

I put two of the ISP DNS addresses in - one they advertise on their website as their DNS, the other what they provide my router if I have it ask the ISP for DNS (that's the cdns2 address).

That last one got all the traffic, not surprisingly.

My conclusion - typically ISP DNS is going to be the fastest, and if they don't filter it and you trust them with your DNS history, that's the one to use.


Any reason why you didn't select the secondary servers too?

It occurred to me that they might get under-utilised, since (I'm presuming, of course) people might well select primary servers.

Regarding your testing too, I'm assuming you'd take breaks between tested websites, so that you give Pi-hole time to reset (i.e. let the 10 min window elapse) and potentially a new DNS server can be selected.

You'd probably want to sample at peak load times, just to see if your ISP DNS server gets overloaded.

I'm with an ISP who are quite cheap, so I'd not be surprised if DNS resolution slows down at peak usage.

Such an interesting exercise!

[screenshot: DNS server selection]

[screenshot: DNS summary]

This is after, I think, around about 16 hours of uptime (and since I flushed logs, my host DNS cache, etc.)

Oh, possible bug: note the 2 different entries for Cloudflare in the pie chart. I'm assuming they're the primary and secondary servers (despite the same name); otherwise, why would the same server have different entries?

regards,

Gary

It was just a quick test (totally unscientific and just to illustrate a feature), so I only selected the left column. I didn't take breaks and let the counter timeout, but in my experience once it finds a faster DNS server it tends to stick with it.

I wouldn't know what peak load times would be for an upstream server, because it might be accessed from all over the world. It's likely that they're relatively local, but I don't know that.

I do run Cloudflare primary and secondary on one Pi-Hole and they're somewhat balanced over the last 24 hours.


They are the primary and secondary. Two servers responded (Cloudflare seems to do that).

So, shouldn't the legend labels be different? 1.1.1.1 and 1.0.0.1 for Cloudflare, I thought?

They probably should, but that's how I've always seen it for Cloudflare. If you go to that web address, it's their internet front door.

You're correct. The secondary Cloudflare server just got picked up by my Pi-hole for name resolution. The pie chart legend held the IP (1.0.0.1) before it resolved it, so I know it was their secondary server.

Interestingly, having flushed the logs again, my custom DNS nameserver (not my ISP) was preferred this evening (I'm guessing peak hours). I've deliberately left gaps in my internet usage to try and allow for nameserver swaps.

Logs were wiped and Pi-hole cache reset around 19:50 (time is now 22:25ish), with 706 queries received by Pi-hole from clients.

[screenshot: new DNS forwarding]

Is it possible to set more than 2 custom IPv4 nameservers?
