High availability (HA) for Pi-hole (running two Pi-hole's)


#1

Migrating this feature request from GitHub:

I’d love to see the option of running multiple PiHoles in your network and a means to keep all of them in sync (whitelists, etc). Ideally, only one would serve the Web Interface, and it would show stats for multiple PiHoles. (the other PiHoles could be “satellite” PiHoles or something)

The use case is the following: I have PiHole running flawlessly in an Ubuntu Server 16.04 VM in Hyper-V. But this is a single point of failure - when I reboot my Hyper-V host for updates, for example, the PiHole goes down. I want to implement a Raspberry Pi as well, so clients have a “backup” DNS that’s also a PiHole. As it stands now, the backup DNS servers are just Google’s 8.8.8.8 and 8.8.4.4, but I’d love the opportunity to make more PiHoles and minimize management overhead.


Running two Piholes?
Two Pi-hole install in different machines
Secondary DNS Server for DHCP
Running 2 pi holes on my network?
Router settings
#2

In the meantime, if you’ve got a passwordless SSH login where you can put the private key within /root/.ssh/, you can have something like this as a cron job to keep the secondary Pi synced:

Perform maintenance on secondary Pi if online

pi=$(timeout 0.2 ping -c1 192.168.1.2 &> /dev/null && echo “0” || echo “1”)
if [ “$pi” -eq 0 ]; then
cd /etc/pihole/
ssh -i /root/.ssh/id.pi "pi@192.168.1.2" “[ ! -f ‘~/pihole’ ] && mkdir ~/pihole"
scp -i /root/.ssh/id.pi adlists.list *list.txt setupVars.conf .domains pi@192.168.1.2:~/pihole
scp -i /root/.ssh/id.pi /etc/dnsmasq.d/03-pihole-wildcard.conf pi@192.168.1.2:~/pihole/03-pihole-wildcard.conf
ssh -i /root/.ssh/id.pi "pi@192.168.1.2" "sudo mv ~/pihole/03-pihole-wildcard.conf /etc/dnsmasq.d; sudo mv ~/pihole/
/etc/pihole"
ssh -i /root/.ssh/id.pi "pi@192.168.1.2” "pihole -g"
fi

Unfortunately, the indenting is broken here :frowning:


#3

We would like to setup two servers with pihole behind a load balancer for failover/capacity/redundancy.

One sticking point we have is the IP address that is cached on the downstream DNS client. If one of the pihole servers goes down, the clients would see a “Could not be found” message instead of a blank box where the ad used to be.

If we were able to set the IP address of the blocked domain to the VIP of the load balancer instead of the PI itself, this would solve the problem as the load balancer would failover to the working node.

If you could implement an option in the Settings page for a Custom Blackhole address, it would be much appreciated.


#4

A possible solution is to manually edit the /etc/pihole/setupVars.conf file and to change the IP addresses to the one of the load balancer. Run pihole -g afterwards and all ads will point to the changed IP afterwards.


#5

I have tried your suggestion, it does not work.


#6

I run two Pi-holes . In case one dies, and a VM if one dies I do not lose connectivity to the world. It would be nice to net mask the DNS queries to a cluster of Pi’s to accept the DNS requests. Also if you have three Pi-holes running each has stats. It would be nice to have all the stats shared. Thanks


#7

I am planning to stand up a second Pi-Hole for DNS redundancy and would like to view combined stats & manage both my primary and secondary Pi-Hole through a single interface. Is there a possibility that an option could be added to the Management interface that would designate a secondary (backup) Pi-Hole for these purposes?

Thanks!


#8

I don’t see this as a truly “enterprise” feature. Pis can be a little finicky sometimes, and they don’t like having their power cut. I keep mine running on a UPS, but not everybody does. Since the PiHole is your DNS, and potentially your DHCP server as well, when it freaks out, it takes out the internet for the whole house. As such, I’d love to double (or triple) my PiHoles, but synchronizing the settings is kind of a must. Think of three Pi Zero Ws in a triple-stack case (https://www.amazon.com/gp/product/B06XCK7G2R). Have you ever seen triple-redundant network infrastructure in so little space?

For now, I just open three tabs and apply the settings in parallel, but when one of the Pis dies (and they do sometimes), I have no choice but to “eyeball” the settings back in to the freshly-rebuilt server. It’s a pain.


#9

That triple stack is SICK! Sorry to jump off of the discussion. Back on subject, I run two Pi-Z-W’s for DNS and would love them to be in sync for their blocking hosts.


#10

bring this thread back from the dead, any progress on this?

Since you can now export the while/black lists i guess one can manually import and export from 1 pi to the other.

My next question, the second pi i will be using will be a pi2 with the main pi being a pi1, will i run into any trouble transferring the lists between the 2?


#11

I am also looking at HA. Currently, I have 2 Pi and one Nginx in front as load Balancer. Issue is, I have to manually login into each pi to make changes. My offices are globally distributed and would love each zone to have their own ad filter.

Ideal pi for me woud be:

sql on Aws RDS.
Files hosted on Aws EFS or a Gluster shared volume

I could cook up multiple VM’s globally and install the necessary softwares. If I make change in one pi-hole, it reflects in everyone. Imagine someone with 40 offices worldwide and each office has its own pi-hole VM.


#12

This is not yet a high priority, but with some changes coming down the line this might be easier to implement (removing the PHP dependency on the web interface, new changes to the FTL API, etc)


#13

I have tried but unfortunately not working as expected


#14

What is not working as expected? I see in both of your Pi-holes that there are queries, although they are not equally distributed. For what do you use the WAN DENY rules?


#15

Very crude but I wouldnt call it load balancing :smiley:
Nice effort though!
Here is a free load balancer (Zen) that could be used for Pi to put some logic behind the LBing like for example “Round Robin”:

apt-get install git
cd /usr/local
git clone https://github.com/zevenet/zlb.git
cd /usr/local/zlb
./zlb-debian-installer.sh

Mind though “Zevenet Load Balancer installation only available for Debian Jessie, currently”.
Could use two Pi’s for doing the LBing (redundancy) and they could be members of your DNS farm at same time.


#16
  1. not equally distributed.(round robin for example)
  2. WAN DENY rules for google DNS servers (4 experiment)

#17

any updates here? Would be perfect if we had a slave dns too


#18

when we break it down what exactly needs to be syncd? blocklists, hosts file, whitelist, blacklist? it gets complicated trying to sync the temp. disable but for basic stuff wouldn’t a crude scp transfer suffice for the interim?

Which is basically what WaLLy3K said but someone said the script they pasted did not work - did anyone else try it?

@WaLLy3K if the indenting is breaking the code is it something you can host on https://wally3k.github.io/ ?


#19

Could you elaborate on what you mean by Nginx Load Balancer? I’m assuming most people use Pi-hole on their home networks, so it doesn’t make sense to have a load balancer in front of the Pis

If it’s only an issue of copying configuration between Pis, then I can try to come up with something.


#20

A load balancer can provide HA if have two or more load balancers for redundancy that provides one virtual IP address (or more) as endpoint for the clients.
If the LB node holding the virtual IP goes down, the virtual IP will failover to a still active working LB node.
I think it will work if you take two Pi’s/nodes that can do both the LBing and be members of your load balanced DNS/HTTP farm.
I noticed latest Zevenet (former Zen) is also available for Stretch now:

I really have no need for this at the moment and am too busy with other projects to try it out.
But if HA is your thing, a load balancer can come in handy for redundancy and ease of maintenance as you can take down a node at any time.