I was checking the logs for my PiHole trying to debug an issue (sometimes clicking links on web pages seems to not work, but then a second click does). I noticed in the pie charts on the homepage that traffic was split roughly equally between the two Google DNS servers - I'm not sure if this is normal or something is failing making it swap over.
So I watched the logs for a little, and noticed that both of them show up at times, and in some cases a single request goes to both:
Is this normal behaviour? If so, why do only some go to both? If it's not normal, how I can debug it? If one of them is failing, I wonder if that might be the cause of the behaviour I've been seeing with needing to click some links a second time?
Yes, this is normal behavior. Pi-Hole FTL has an algorithm to determine the best performing upstream DNS server and will then route traffic accordingly. The specifics are discussed at the bottom of this linked documentation. The summary is:
" We keep using the fastest responding server now for 1000 queries or 10 minutes (whatever happens earlier) instead of 50 queries or 10 seconds (default values in dnsmasq ). We keep the exceptions, i.e., we try all possible forward destinations if SERVFAIL or REFUSED is received or if a timeout occurs".
To see which servers are best in your area, add a few new ones to the mix (Cloudflare, DNS Watch, etc), and let them all run for a day or so and see which ones Pi-Hole favors. In my area of the world, Cloudflare is routinely the preferred (after my ISP).
Is the request that went to both because it was comparing the speeds, or does it suggest that one of them failed? (if it did fail, would/should that be logged?).
Good idea about trying others - I'll add some in and see what happens. I did run namebench(?) a while ago, and my ISPs were fastest, but I'd had issues with them in the past so had just moved to Google as a default.