Greetings,
My question is: if I have more than one Pi-hole in my network for DNS backup, should I change the port of Unbound (#5335), or can I use the same port for several Pi-holes on my network?
Thanks for your help.
Hey Cesar,
Something that might help others is describing why you need two Pi-holes on your network, so they can work backwards from there.
DNS (for the layman like me) has three ways it can operate in a home environment. (That I am aware of)
1. The device responsible for DHCP will assign a device on the network a lease which includes DNS servers. Commonly this is your router but your Pi-hole can if configured, act as one.
2. A device may have hardcoded DNS servers and will ignore any DHCP assignments
3. You force redirect all DNS requests, block TLS and block known DoH providers
If you have multiple Pi-holes on your network and you control both of them, then you would simply just add them to your DHCP assignment device.
If you do not control the router nor the other Pi-hole then I am not sure what you could do other than manually assigning things but that’s bleh.
Most people that have two Pi-holes have them for ‘high availability’ reasons, but it’s massively overkill.
Thanks for your answer, ShrewdGreyhound. I use several Pi-holes for several options: one is for normal clients, blocking only advertising, and the other is for clients with children under 18 years of age, with different blocking. In this way I can help parents to be confident. In total there are 4 Pi-holes, with a primary and a secondary DNS.
Is using groups not an option? I had to do this for a teenager that was excessively playing games during his exams time (2am type stuff)
All I did was create a new group with blocks, assign it to his devices and do what I mentioned in point 3 in the previous post.
As long as you clearly named the groups it would be more than sufficient
Also please keep in mind that you must communicate to the parents this type of blocking can be bypassed relatively easily. They are better off having a conversation with the kids (cause they will find out porn) or locking down their devices account wise.
Unless you lock down common VPN ports, set up correct DNS redirection, and block DoT and known DoH + VPN servers, this can be bypassed. This cannot be done through Pi-hole.
ShrewdGreyhound, I am going to try groups as you explain, thanks. The issue is, when more than 2 Pi-holes are used with Unbound, would the listening port be the same (#5335), or must the port be changed for each Pi-hole? In my case I am testing Pihole in ISP, it is not a home network.
For noobs it’s easier to add and manage the DHCP through the router and just add the two Pi-holes as DNS servers in its DHCP settings.
Edit: listening port would not matter if you assigned it as I described; clients would try the main Pi-hole first and only fall back to the secondary if timed out.
I am not sure what you mean by
in my case I am testing Pihole in ISP it is not a home network
You can also very likely adjust DNSmasq on the main Pi-hole to serve two DNS servers. I am not sure how you would do it as I did it from my router but google should offer answers (should just be in the documentation)
For demonstration purposes you can see how I have one Pi-hole (192.168.1.2) being served as the DNS when assigning clients; you would just add the sub/secondary Pi-hole to that config somewhere on the main one. Also found a Stack Overflow for you that might help. I’m off for the night.
Thanks ShrewdGreyhound, this again helps me to clear many doubts.