So I’ve recently installed OPNSense and have it fully set up and working nicely.
Following this guide (Pi-hole and OPNsense – Pi-hole), I had set up Pi-Hole and had it working perfectly, with the host name appearing in Pi-Hole. It has been set up this way for a week or so. Now I want to add a second Pi-Hole into the network to act as failover for the first one. So I set up the other Pi-Hole and have it syncing with the first to keep blacklists/whitelists etc. all in sync. Now I thought that to add this to OPNSense I would just enter the second Pi-Hole IP address into OPNSense as below, and set this in Dnsmasq.
When I purposely take the first Pi-Hole down, it doesn’t seem to fail over to the other Pi-Hole, which does tie in to this thread I’ve been reading: OPNSense + PiHole - #26 by DanSchaper. So of course I removed edns0 from Dnsmasq and tried using the conditional forwarding on Pi-Hole, which is working as expected and does now fail over; however, in Pi-Hole the client is always showing “OPNSense” or “pi-hole” rather than the device host name or even IP address, see below.
I’ve copied all settings in Dnsmasq and Unbound (OPNSense) and Pi-Hole that I can see in all guides, but nothing will make the host names show in Pi-Hole despite adding edns0 back in to Dnsmasq, but then of course I lose the failover to the other Pi-Hole.
My 2 piholes (synced with gravity-sync) are dhcp servers distributing my piholes as local dns servers. The piholes already had local unbound installations. When I installed opnsense I just added my piholes as dns servers to opnsense for local DNS resolution and left my piholes to happily work as before.
The pihole that I consider secondary is configured to delay its DHCP response by a couple of seconds. This results in the primary pihole always responding to any DHCP requests and the secondary acting as fallback.
I couldn't see any benefit to using opnsense as dhcp server or dns server for my network.
I guess this is a possible workaround if something is broken and there isn’t a way to get it to work, but I like the idea of keeping DHCP assigned to the router.
Out of interest, how did you programme the delay for your second Pi-Hole?
What is your goal when using this setup? As I note at the blog, that guide probably doesn't work anymore. It's old and there's been a lot of changes in both OPNsense and Pi-hole. I haven't spent any time to check and see what changes exactly.
The intent of the post was a way to not have to use Conditional Forwarding, since many people created loops with Conditional Forwarding and ended up tanking their setups. The gold standard is still Conditional Forwarding, and that's the best way to go about getting local hostnames to resolve and be displayed. OPNsense can be configured to use its provided unbound with DHCP leases automatically added to the unbound resolver.
My goal is to basically have two Pi-Holes set up, one which acts as primary and one acting as a secondary if the first was to go down for any reason. I have two Pi-Holes set up and synced with Orbital Sync.
The way it’s set up at the moment, it doesn’t fail over to the secondary Pi-Hole. If I remove the edns0.conf file this will work; however, I then lose all hostnames in Pi-Hole, despite having conditional forwarding set up in Pi-Hole.