pihole as gateway

What if Pi-hole could also be used as a gateway proxy?

So, Pi-hole monitors x gateways on the internal network and automatically switches to another defined gateway if the main gateway fails? I'm only interested in failover, not load balancing, etc.

Please elaborate - what gateways are you referring to?

You'd need a router for that.
As a DNS forwarder, Pi-hole is not involved in routing at all.

I believe gateway functionality is an essential part of Pi-hole. The idea is to use Pi-hole to perform transparent and simple router failover without having to change the default gateway on hosts. The plan is to configure a network-wide Pi-hole as the default gateway, checking the availability of two WAN routers and forwarding traffic to the second router instead of the first if necessary.

Setting this up via the CLI is quick and easy (enable IP forwarding and add an iptables entry). It's so simple that it could easily be done in the web interface.

That belief is wrong: As already mentioned, Pi-hole is not involved in routing at all.

There are specialised software packages or even entire OSs that focus on routing.
But even if you'd use them: A home network typically has just a single gateway that connects it to the Internet - providing a failover would be moot.

Pi-hole is designed solely as a DNS sinkhole for name resolution, whereas gateway failover is a routing function that requires a dedicated router. It is not as simple as it sounds, especially when Pi-hole is running in Docker.

About the best one might hope to do is to dynamically adjust what Pi-hole’s (dnsmasq’s) DHCP would offer for gateway. But that’s for when a client requests an address.

@tomporter518, thanks for your thoughts.

That's precisely the nuisance I want to eliminate. A gateway failover in the shortest possible time, instead of potentially waiting 23 hours for a new DHCP lease. Not to mention static IPs. I usually run PH as a Debian-VM, which, in case of failure, is taken over by another within 30 seconds to ensure DNS/DHCP within the network.

If PH could use multiple gateways internally, the failure of a gateway router would be much easier and more elegant to mitigate.

Apart from your idea, I haven't been able to find any discussion on this topic. Just "No", "it's not possible", "Not planned," etc.

Therefore, I'll probably just set up a mini-Debian VM that provides a virtual gateway via IP forwarding, masking only the actual gateway IPs. Or I'll use a bloated virtual OpenWRT, pfSense, or something similar that offers this out of the box. It's quite astonishing that nobody here is thinking about the essential triad of DNS/DHCP/GW and recognizing what might be missing.

PH is not only a DNS sinkhole but also a DHCP server. The next logical thought is to act as a GW alias. Someone thinks running the essential DNS/DHCP/GW services via Docker is something I would call extremely brave or stupid.
Furthermore, Docker uses IP forwarding intensively.

That's exactly why I suggested minimal routing/redirection as a very easy to implement but highly effective and reliable extension.
Even though I'm anything but a fan of featuritis. You should think about easy-to-implement and useful extensions. Fortunately the underlying OS provides such functionalities.
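
Added example, not part of any post in this thread and not Pi-hole code: a sketch of the separate forwarding VM discussed above, which probes two routers and repoints its own default route when the preferred one stops answering. The addresses (documentation range 192.0.2.0/24), the interface name `eth0`, the 5-second interval, and the choice of a MASQUERADE rule as "the iptables entry" are assumptions.

```shell
#!/bin/sh
# Gateway failover for a small forwarding VM (added example).
# Constructed values: 192.0.2.1 = primary router, 192.0.2.2 = backup router.
GATEWAYS="192.0.2.1 192.0.2.2"
LAN_IF="eth0"                      # assumed interface name
PROBE="${PROBE:-probe_ping}"       # health check, replaceable for testing

# Note: pinging the router only proves the router is up, not its WAN uplink.
probe_ping() { ping -c 1 -W 1 "$1" >/dev/null 2>&1; }

# Print the first gateway (in preference order) that passes the probe.
pick_gateway() {
    for gw in "$@"; do
        if "$PROBE" "$gw"; then
            printf '%s\n' "$gw"
            return 0
        fi
    done
    return 1
}

# plan CURRENT GW...  ->  "keep <gw>", "switch <gw>" or "none".
# "none" means every router is down: leave the route alone, do not flap.
plan() {
    current="$1"; shift
    if new=$(pick_gateway "$@"); then
        if [ "$new" = "$current" ]; then echo "keep $new"; else echo "switch $new"; fi
    else
        echo "none"
    fi
}

current_gateway() { ip -4 route show default | awk '/^default via/ {print $3; exit}'; }

# Only touch the system when started as root with --run.
if [ "${1:-}" = "--run" ]; then
    sysctl -qw net.ipv4.ip_forward=1
    # Add the NAT rule once; -C checks whether it already exists.
    iptables -t nat -C POSTROUTING -o "$LAN_IF" -j MASQUERADE 2>/dev/null ||
        iptables -t nat -A POSTROUTING -o "$LAN_IF" -j MASQUERADE
    while :; do
        set -- $(plan "$(current_gateway)" $GATEWAYS)
        if [ "$1" = "switch" ]; then
            ip route replace default via "$2" dev "$LAN_IF"
        fi
        sleep 5
    done
fi
```

Because the list is in preference order, the route moves back to the primary router as soon as it answers probes again. Hosts keep the VM's address as their default gateway throughout, so no DHCP lease has to expire.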