Robust Pi-hole DHCP configuration

stirbitch · November 18, 2020, 11:12am

I am so much of a newbie that my first Raspi is purchased but not yet up and running. However, I am keen to use Pi-Hole on my home network, and am starting to think about configuration.

The setup is Virgin Hub 3.0 (spit), and currently there are 10 devices with DHCP leases - computers, phones, Wifi Extender, set-top box, ATA, and there will doubtless be others. There are two main people using the network - me, and my partner who is less techy than me and relies on the network for work - and we also have the occasional visitor device on the network.

So I understand I will need to disable DHCP on the Hub, and use the DHCP server on Pi-Hole. My concern is that the Raspi might crash due to SD card corruption when I am not around, leaving my partner unable to access DNS, and me in the dog house. I would also prefer to keep the IP address configuration as simple as possible, and all server-side.

I understand about using good quality SD cards with plenty of room, and a good power supply, but there is still the possibility of failure, and I was wondering about the best DHCP configuration to mitigate that risk.

From a bit of reading around, my thought is that it would be simple and robust to allocate all IP addresses dynamically, but give them a good long lease - maybe a month. In the case of the Raspi/Pi-Hole failing in some way, that would at least give me plenty of time to talk someone through connecting to the Virgin Hub from any existing client to reactive DHCP on the Hub - which should then give all clients access to Virgin's DNS servers and restore Internet access.

Does that sound like a sensible plan, or are there fatal flaws, or better alternatives? One thing I am unsure about is how the lease time might be implemented/interpreted on all the various devices on the network in the absence of the actual DHCP server,

Thanks for any help.

deHakkelaar · November 18, 2020, 2:20pm

Not necessarily:

If Pi-hole is doing DHCP instead of the router, and Pi-hole is failing, both DNS and DHCP will be down for the clients.
Its one and the same binary named pihole-FTL that does both.
So meddling with DHCP lease time is of no use.
If you use a dedicated Pi to run Pi-hole and dont customize too much, it can be a very reliable setup.
Mine (a Pi 1B with DHCP enabled) has been running for close to four years now without problems.
And if for some reason Pi-hole fails or if I need to perform maintenance, I just enable the DHCP service on the router again.

Coro · November 18, 2020, 3:16pm

I'm running the Pi-hole with DHCP for years as well and never had a single issue. To cover all possible external influences, you may want to install an uninterruptible power supply. There are solutions for DIY (typically less than $10) or ready-to-buy boards like PiJuice (typically lot more expensive).

See, for instance,

stirbitch · November 18, 2020, 5:45pm

Thank you for the reply, but with the Virgin Hub you cannot configure it to use any non-Virgin DNS. It is mentioned in some Pi-Hole docs, but I should have explained it more clearly, as if you do not use Virgin you have no reason to know about it.

But of course I could buy another router, and just use the Virgin Hub as a cable modem only. That would be good in a way, because the Virgin Hub router is crap, but on the other hand I want to keep things as simple as possible - generally-speaking I don't like tinkering with networks.

But I will consider getting a standalone router. Presumably with a decent router I should be able to tell it to try the Pi-Hole DNS first, and only revert to another server if Pi-Hole cannot be accessed?

And maybe I am indeed worrying too much about things that might not happen. It's just the way I am

stirbitch · November 18, 2020, 6:34pm

Thank you. I have little idea what is available, so it is good to learn.

A UPS might be nice to have to increase reliability, but really I think "all" I need is some way to be sure I can create a window of a few days to explain to someone non-techy how to "get the internet back" in case of failure. Providing that person still has an IP address so they can configure the Virgin Hub, I think that is doable.

Pi-Hole in itself is not mission-critical to me, in the sense that we could live with normal DNS access for a while.

Bucking_Horn · November 18, 2020, 10:33pm

You should worry a lot more about DNS than about DHCP (but maybe still less than you think).

Once a client has acquired a DHCP lease, it won't need the DHCP server until that lease expires. Depending on actual lease times and your device's behaviour, you may not even notice if your DHCP server retires for a few hours before reporting back for duty.

On the other hand, you'll likely notice DNS failures almost instantly: You can't surf the net if you cannot resolve domain names.

But still, I don't think you'd need another router.

The thing to realise is this:
You are not introducing any additional risks in your network - you are just shifting DNS and DHCP from one single point of failure (your router) to another (your RPi).

From your description, it would seem you fear that your RPi might have a higher probability of failure than your router, mainly due to sd card issues.
Using a good power supply and sd card would go a long way towards decreasing that probability.

Any device can fail. The majority of electronic equipment tends to fail right at the beginning or near the end of its expected lifetime, so let your RPi run for two or three weeks before you leave it alone with your partner.

And for peace of mind, you might want to stick a note next to your Virgin router that explains how to re-enable DHCP in case your RPi should fail.

stirbitch · November 19, 2020, 1:03am

Thank you. You made many good, and reassuring, points.

I still think I am introducing more risk, as the modem/router and RPi will be components in a series system - if either one fails, the system will. But let's put that to one side, as it is not my main concern.

My main concern is that, IF the Pi-Hole DHCP server fails, then

a) I will lose the Pi-Hole DNS server also, and...

b) I perceive (largely due to my ignorance I suspect) a risk that all my devices will lose their IP addresses, which will make it impossible to connect to the modem/router config pages without faffing about setting up a static IP address. (But if the device kept their IP addressed, it would be easy just to re-enable DHCP on the modem/router, the Virgin DNS would be found, and connection to the Internet would be restored.)

I now feel more comfortable about the SD card, but regardless I am now seeking some guidance on point b. Maybe it is not an issue - you certainly imply the devices will keep their IP address. But is that behaviour well-defined? Does it depend on the failed DHCP's configured lease times? Or is it perhaps totally up to how the clients are implemented?

It does occur to me that, as this is a Pi-Hole forum, it may not the ideal place to ask, especially if the behaviour depends on the client rather DCHP implementation. Just let me know if I should go elsewhere, but initially it seemed a good idea to try here.

BTW, if it matters, the relevant client OS would be Windows 10.

Bucking_Horn · November 19, 2020, 8:28am

DHCP certainly is, and it is quite robust by design (click for more)

A client will let go of its IPv4 address once its DHCP lease expires. It will start requesting a new lease at certain intervals through its known DHCP server well before that (usually after half the lease time), but hold on to its address even if renewal failed.

If renewal fails after lease expiration, a client will look for any DHCP servers in your network by broadcasting for a new lease, just like it did on joining your network.

However, note that leases do not survive power cycles, and disconnecting and reconnecting to a network (e.g. as smartphones do) always triggers DHCP lease negotiation anew.

That's possible, so having access to a device with the ability of defining a static configuration is a good idea.
If your PC would have two ethernet ports, you could preconfigure a static IP for the second one while continuing to use the first with normal DHCP. In case of a failure, you'd plug the ethernet cable from #1 to #2 to regain access to your router.

Also, some routers would allow access to their admin UI via their link-local IPv4 (169.254.0.0/16 range), though availability differs by make and model, and its usually not well documented. E.g. for a device on a direct connection to the router (the same link), I can log into my router at http://169.254.1.1/.
Try to find out if you can access your router via a similar such IP.

Considering alternate sources for support is always a good idea, especially if it gets to device-specific intracacies.

stirbitch · November 19, 2020, 10:43am

Thanks again!

I cannot find any web-mentions of link-local and the Virgin Hub, and the few likely-sounding IP addresses I tried did not work.

So I think I will try to find out more about how well Windows 10 hangs on to leases.

And if it doesn't hang on very well, I will configure a static IP address, in some form or other, on one or more Windows 10 machines. I think it's bettter to do it in advance rather than when under pressure, and perhaps via someone else over the phone. It's not that much faff after all, but I was hoping to avoid it if possible.

Also I will take 100 lines: "I must remember that it is DHCP not DCHP"

stirbitch · November 19, 2020, 4:16pm

It looks like everything will be fine.

Those nice Windows people provide APIPA (Automatic Private IP Addressing), which is precisely for this type of situation. If your machine is configured to use DHCP, but a DHCP server is not available, APIPA will give you a link-local IP address. And that should allow you to configure your router.

system · November 26, 2020, 4:16pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.