Good solution to automatically revert to "normal" if Pi Hole dies?

Update: "fail over" works just fine!

I finally had a window of time where everyone was out of the house, so I shut down Pi-1 and Pi-2 did just fine on its own. (I suppose this really says more about the Ubiquiti router's ability to seamlessly fail over to the Secondary DNS spec.)


Couple of things I want to check: 192.168.1.3 is the main DHCP DNS server for you, right?

In this block,
# Pass strings in order for existing DHCP clients to keep their IPs.
# Append the reservation only if it is not already in the file.
sudo grep -q -F 'dhcp-host=00:00:00:00:00:00,192.168.1.2,StaticHost1' /etc/dnsmasq.d/04-pihole-static-dhcp.conf || \
sudo sh -c "echo 'dhcp-host=00:00:00:00:00:00,192.168.1.2,StaticHost1' >> /etc/dnsmasq.d/04-pihole-static-dhcp.conf"
echo "Done."

What exactly is the 192.168.1.2? Is that the backup dns dhcp server?

That is correct.

It is not. It’s a device that has a static IP assigned via the main DHCP server and, upon lease expiry, it will renew the same IP lease from the backup DHCP server (if still on).

Thanks for the quick reply.
Any recommendation where to keep the script and how to schedule cron job?
Sorry if it's the wrong place to ask this question.

You can keep it anywhere you want as long as you make it an executable and specify the right (full) path in your crontab.

Use http://crontab.guru for your crontab details.

Use crontab -e from underneath the root user to add the crontab entry.

Mine checks every minute for any issues.

Works perfectly, thank you sir!
Commented out the LAN reservation part, as Google Wifi can reserve any IP even if it's not in its LAN range but in the same subnet. Not sure if that's how other DHCP works, so I use Google Wifi for all LAN reservations even though it has a range of just two IP addresses, which are reserved for Pi1 and 2.

Edit: Is there a command to enable "Enable IPv6 support (SLAAC + RA)" as well on the backup server?

Just having a read up on having a failsafe Pi-hole within my network and could do with a little help please?
My pihole (pihole1) is acting as my DHCP server, as my ISP-provided router does not allow manual setting of DNS servers.
I also have unbound set up on this pihole.

So, if I set up a 2nd pihole (Pihole2), I guess I would not need to have that serving DHCP leases, as pihole1 would have assigned an IP to devices which have a lease time? Correct?

Is there any means to 'dictate' that pihole1 is the primary DNS server, and use only pihole2 should pihole1 fail for some reason?
I'm thinking along the lines of a monitoring script similar to what @RamSet has above, just more basic...along the lines of:

ping pihole1 every couple of minutes, 
if there is no response 
pihole enable on pihole2
else if pihole1 does respond
pihole disable on pihole2

If this 'automated' enabling and disabling of pihole2 is too messy / will not work, how does one handle which pihole network devices use?
I'm also thinking about stats and data etc. How will I know which pihole has served the DNS request, in the case of a blocked site I want to unblock, for example?

Also, apologies for the hijack and long post!

That is the current/main logic behind it.

One thing to keep in mind though.

Pinging the host (only) does not guarantee an accurate state of Pi-hole.

The host might be up and Pi-hole (FTLDNS) in error state...

That's why you need to add an extra check for

if {host} is up check for Pi-hole status

For the script above it would look like this:

if [ $count -eq 3 ] && [[ $check == *"offline"* ]]

Where $count is the number of pings and $check is the probe on the admin page.

Based on this condition, you can trigger the script to do certain stuff.

In my case, the script sends me a notification on each status change.

That's a cool thing to have, but you need to keep in mind that if there are no "lock" files that register the notification state (only once per status change), it would send notifications every time the script is executed.

That is correct, but it depends on how much time is allotted to the lease.

If you assign a 24h lease to the DHCP clients, and no new clients join during the outage, then you are set if pihole1 returns to a normal state in less than 24h. If the outage is greater than your lease time, you might get a different IP assigned to the clients.

Passing the already assigned static IP reservations is a healthy way of handling the situation from a new device perspective. That way, the IPs don't get assigned by accident, by the new dhcp server, to the new device (since it had no record of an existing lease).

That has no relevance in the above setup/script.

No there is not.
It is better to run them in parallel.

Most OSes tend to listen to the "DNS1 as primary and DNS2 as fail-safe"; however, it is a known thing that sometimes queries go to DNS2 even if DNS1 is online.

If however DNS1 is down, all queries will go through DNS2.
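The two-stage check from this reply (ping the host, then probe Pi-hole itself) together with the "lock" file that limits notifications to one per status change, as an added example that is not the script from this thread. `PRIMARY` defaults to the 192.168.1.3 mentioned above; `STATE_FILE`, the function names and the way `$check` is obtained are assumptions.

```sh
#!/bin/sh
# Added example (not the thread's script). PRIMARY, STATE_FILE and the way
# $check is obtained are assumptions; adjust them to your setup.
PRIMARY="${PRIMARY:-192.168.1.3}"
STATE_FILE="${STATE_FILE:-/run/pihole-watch.state}"   # root-only dir, not /tmp

# classify COUNT CHECK -> host-down | pihole-down | ok
# COUNT = ping replies out of 3, CHECK = text returned by the status probe.
classify() {
    if [ "$1" -eq 0 ]; then
        echo "host-down"
    else
        case "$2" in
            *offline*) echo "pihole-down" ;;   # host answers ping, Pi-hole does not
            *)         echo "ok" ;;
        esac
    fi
}

# state_changed NEW -> exit 0 only when NEW differs from the saved state.
# The state file is the "lock": without it every cron run would notify again.
state_changed() {
    old=""
    [ -f "$STATE_FILE" ] && old=$(cat "$STATE_FILE")
    [ "$1" = "$old" ] && return 1
    printf '%s\n' "$1" > "$STATE_FILE"
}

main() {
    count=$(ping -c 3 -W 1 "$PRIMARY" 2>/dev/null | grep -c 'bytes from')
    # Assumption: an admin page that cannot be fetched counts as "offline".
    check=$(curl -fsS -o /dev/null --max-time 5 "http://$PRIMARY/admin/" 2>/dev/null && echo online || echo offline)
    state=$(classify "$count" "$check")
    if state_changed "$state"; then
        logger -t pihole-watch "primary $PRIMARY is now: $state"
    fi
}

# Run the live check only when asked, e.g. from cron: pihole-watch.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```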

Here is an alternate solution that doesn't require monitoring scripts - have both Pi-Holes serve DHCP on non-overlapping ranges. Clients can get an IP from either Pi-Hole. Set static IPs for the Pi-Hole at some low part of the IP range (<10). Pi1 DHCP range 50-100, Pi2 DHCP range 150-200, for example.

During the DHCP handshake, have each Pi-Hole provide the IP of the opposite Pi-Hole as a second DNS. Each client will now have the DNS for two Pi-Holes. There is no active load-balancing; clients will use either or both Pi-Holes as long as they are both up. If either Pi-Hole fails, the clients move seamlessly to the other.
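A check for the split-range layout described in this post, as an added example that is not from the thread: it reads the `dhcp-range=` and `dhcp-option=option:dns-server` lines of two dnsmasq configs and tests that the pools are disjoint and that each Pi-hole advertises the other as DNS. The 192.168.1.4 address for the second Pi-hole and the sample configs are constructed.

```sh
#!/bin/sh
# Added example, not from the thread: check that two Pi-holes' dnsmasq DHCP
# settings follow the split-range layout. Sample addresses are constructed.

# ip_to_int A.B.C.D -> integer, so ranges can be compared numerically
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) + (b << 16) + (c << 8) + d ))
}

# range_of CONFIG_TEXT -> "START END" taken from the first dhcp-range= line
range_of() {
    printf '%s\n' "$1" |
        sed -n 's/^dhcp-range=\([0-9.]*\),\([0-9.]*\).*/\1 \2/p' | head -n 1
}

# ranges_overlap CONF1 CONF2 -> exit 0 if the two pools share any address
ranges_overlap() {
    set -- $(range_of "$1") $(range_of "$2")   # $1 $2 = pool 1, $3 $4 = pool 2
    [ "$(ip_to_int "$1")" -le "$(ip_to_int "$4")" ] &&
    [ "$(ip_to_int "$3")" -le "$(ip_to_int "$2")" ]
}

# advertises_dns CONF IP -> exit 0 if CONF hands out IP as a DNS server
advertises_dns() {
    printf '%s\n' "$1" | grep '^dhcp-option=option:dns-server,' | grep -q -F -w "$2"
}

# Constructed sample configs: Pi1 = 192.168.1.3, Pi2 = 192.168.1.4
PI1_CONF='dhcp-range=192.168.1.50,192.168.1.100,1h
dhcp-option=option:dns-server,192.168.1.3,192.168.1.4'
PI2_CONF='dhcp-range=192.168.1.150,192.168.1.200,1h
dhcp-option=option:dns-server,192.168.1.4,192.168.1.3'
# A 50-150 / 101-250 split shares 101-150 and is flagged as overlapping:
BAD1='dhcp-range=192.168.1.50,192.168.1.150,1h'
BAD2='dhcp-range=192.168.1.101,192.168.1.250,1h'

if ranges_overlap "$PI1_CONF" "$PI2_CONF"; then
    echo "pools overlap"
else
    echo "pools are disjoint"
fi
```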


Thanks for the explanation.
I think this is both exactly what I am looking for and not looking for at the same time.
The reason being maintenance of 2 Pi-Hole, and stat gathering / analysis. Specifically thinking of needing to whitelist a domain....I'd not know which Pi-Hole served the DNS request?
In terms of DHCP leases, are they dished out in numerical order? So if pihole1 is set to use range 50-150, would that prioritise over pihole2 at 101-250 for example? I thought not?

Thanks also for this.
Makes much more sense to me now and I may try and run in this manner, as well as how @jfb explained below to see which best suits my needs.
I think a power pack is also needed on at least one pi, in case of a power outage.
Any recommendations?

I run two Pi-Holes in parallel, with the router providing DHCP. I find that in my network (Apple routers), that clients tend to stay on the first DNS provided to them by the router. The only time they jump is when that Pi-Hole is down, and then they move back when it's up again. So, I just look in that Pi-Hole if something needs to be listed.

I don't know. However, I am sure you are up to an experiment. Try both setups, see which works best for you, and let us know the advantages/disadvantages of each.

In my case I run a 1h lease time (lots of traffic on my network with new devices and monitors for new leases).

I am running all important devices on a couple of APC UPSes that provide me roughly 4 hours of juice (each) during a power outage.

I have two Pi-3B+ with an 8 port switch, router and modem on a decent sized home/small office UPS (maybe 650 VA?). This will run those devices for a few hours during a power loss.

For the Pi alone, you can get a battery backup hat that's pretty nice. It doesn't keep the Pi running, but it gracefully shuts it down. With my UPS, the Pi doesn't shut itself down as the UPS nears exhaustion.

Part of my 'problem' is my router is very locked down by my isp, so I can't manually configure the DNS server on the router. Most annoying.

I admire your optimism in my ability :joy:

I also run a 1 hour lease time, but traffic in my network is, I would say in comparison to others, minimal, maximum 20 devices at any one time, normally lower and very few 'new' devices.
Interested in how you monitor for new leases though?

That deviates this topic from its intended purpose.

I can share that too.

It involves dnsmasq and push notifications.

Fair one, feel free to drop me a message

What I do is I make a 1:1 block copy of my pihole base once it is set up. This way if anything was to happen to my Pi (SD card) I can simply write the full image back to any SD card of my choosing (the size of the block copy) and be back up and running.
I use Win32 disk imager and keep the image in a safe place.
All methods above are good too. I am actually going to try some as well!
That's my 2 cents.
Love Pi-Hole, love the community. Stay safe out there everyone!

I hear that !!!

@RamSet
If only I could get my image sizes as small as you have them!
