Pi-hole 6.3 Proxmox LXC DHCP Option 6

varjo · February 15, 2026, 7:58am

Hallo zusammen,

Ich betreibe zwei Pi-hole-LXC-Container (pihole-01 und pihole-02) auf meinem Proxmox-Server, die über Nebula-Sync synchronisiert werden. Außerdem habe ich das Keepalived-Paket in beiden Pi-hole-Systemen installiert und konfiguriert.

pihole-01 Config

OS: Debian Trixie
Core v6.3
FTL v6.4.1
Web interface v6.4
IP: 10.0.0.18/24
virtuelle IP (keepalived): 10.0.0.20/24

pihole-02 Config

OS: Debian Trixie
Core v6.3
FTL v6.4.1
Web interface v6.4
IP: 10.0.0.19/24

Wenn ich nun den DHCP-Server auf dem Host pihole-01 aktiviere, wird die IP-Adresse 10.0.0.18 über DHCP als DNS-Server-IP bekannt gegeben, aber diese Information ist leider kontraproduktiv, da die IP-Adresse 10.0.0.20 über DHCP bekannt gegeben werden sollte, um auf die virtuelle IP zu verweisen.

Im WebUI, unter Settings > DHCP, finde ich leider keine Möglichkeit die IP-Adresse zu spezifizieren. Die Forensuche war leider auch nicht sonderlich hilfreich. Zwar wird hier auf die DHCP Option 6 verwiesen, doch leider nicht erläutert wo ich diese Option bei einem Nicht-Docker-System hinterlegen kann.

Danke für eure Unterstützung.

varjo · February 15, 2026, 5:30pm

OK, dank diesem Forumenbeitrag habe ich es endlich zum Laufen gebracht \o/.

Es war so einfach wie die Ausführung der folgenden beiden Befehle auf meinen beiden Pi-hole-Hosts:

pihole-FTL --config dhcp.multiDNS false
pihole-FTL --config misc.dnsmasq_lines ‚[ „dhcp-option=option:dns-server,10.0.0.20“ ]‘

Ein einfaches grep dhcp-option= /etc/pihole/dnsmasq.conf, um zu überprüfen, ob die obigen Befehle korrekt übernommen wurde.

Nachdem ich DHCP auf meinem Router deaktiviert und auf dem Host pihole-01 aktiviert habe, erhalten DHCP-Clients ihre IPs einschließlich der DNS-Server-IP 10.0.0.20.

deHakkelaar · February 15, 2026, 7:15pm

Having a Keepalived failover IP is a bit excessive ... KISS.
If you advertise both Pi-hole IP's via that same option dhcp-option=option:dns-server, the clients can decide which DNS server to address without the need of a failover IP.

Eg on pihole-01:

sudo pihole-FTL --config misc.dnsmasq_lines '["dhcp-option=option:dns-server,0.0.0.0,10.0.0.19"]'

And on pihole-02 for when you need to switch DHCP service:

sudo pihole-FTL --config misc.dnsmasq_lines '["dhcp-option=option:dns-server,0.0.0.0,10.0.0.18"]'

Can check with:

sudo pihole-FTL dhcp-discover

varjo · February 16, 2026, 6:13am

Thank you for your approach to this issue.

It is important to me that clients only refer to one DNS server and only use the secondary Pi-hole if the primary one is unavailable.

deHakkelaar · February 18, 2026, 12:59am

Thats not going to work.
Most DNS client implementations dont have a concept of primary and secondary DNS servers.
For them its just a list of DNS servers to choose from.
Some do have strict order or round robin.
But most just pick the fastest responding one similar as how Pi-hole does it below (Improve detection algorithm ...) :

Though dated but below what MS does/did:

The resolver also keeps track of which servers answer queries more quickly, and it might move servers up or down on the list based on how quickly they reply to queries.

I totally see no use for a DNS failover IP as the client implementations already facilitates addressing multiple DNS servers.
Plus with your setup where the clients only address the failover IP, the other inactive Pi-hole node is doing nothing.
Better spread the load without a failover IP.

EDIT: In busy enterprise environment, you would setup three nodes.
Two for redundancy.
Three to spread the load if one node is failing.

varjo · February 18, 2026, 6:10am

My approach works really well. By only announcing the Fail-over IP via DHCP using the following command:


pihole-FTL --config misc.dnsmasq_lines ‚[ „dhcp-option=option:dns-server,<keepalived fail-over IP>“ ]‘
```

As soon as the primary DNS is unavailable keepalived switches this IP address to the secondary and it become the target for DNS requests.

deHakkelaar · February 18, 2026, 10:35pm

So do the clients if they are supplied with both Pi-hole addresses for DNS.
But without the unnecessary keepalived complexity ... KISS.

EDIT:

$ sudo pihole-FTL dhcp-discover
[..]
   dns-server: 10.0.0.2
   dns-server: 10.0.0.4

On 10.0.0.2:

$ sudo pihole api stats/summary
[..]
  "queries": {
    "total": 28490,
[..]
  "clients": {
    "active": 16,

On 10.0.0.4:

$ sudo pihole api stats/summary
[..]
  "queries": {
    "total": 10635,
[..]
  "clients": {
    "active": 8,

varjo · February 19, 2026, 12:58pm

Yes, I totally understand your setup. In your case, clients can contact either host at any time, and in my case, only one of the two, which is intentional. Only if the host pihole-01 is unavailable my clients should fall back on pihole-02.