Hi.
I finally got around to setting up pihole on my pi (yay!). However, I have a couple of questions about configuring my router.
-
According to this, I should set my router's LAN dns to the pihole. I should not set a secondary DNS. What happens if the Pi goes down? Don't I need to set a secondary for that? I've seen lots of contradicting advice stating I one should set a secondary dns exactly for this reason.
-
Question 1 is kinda moot for me. It appears my router only allows me to set a single dns in the lan settings. When I refresh ipconfig on my windows box, I do get 2 dns entries. The first is the pihole, the second is the router. Is this ok, or might this cause some type of circular or other problems?
Thanks!
The major point in having a secondary DNS server is as backup in the event the primary DNS server handling your domain goes down. If pihole (primary DNS) goes down, secondary DNS is ready to serve you.
No problem at all
This isn't always the case. In a lot of situations, using a secondary will allow advertisements to come in as the client may use either the Pi-hole or the secondary. There are a number of different schemes to this process, but if you use, say, Google as a secondary, queries will be sent to both the Pi-hole and to Google.
A secondary is not a DNS server that will only be used if the Pi-hole fails, it will be used even if the Pi-hole is working.
Do how do you protect against pihole failing? Do you have to have a redundant pihole?
The same could be asked of the manufacturers of who make routers: if your router fails (considering it's acting as the DHCP and DNS server), your network would stop working.
Pi-hole is pretty stable so it's usually not something to worry about, however, you could set up a secondary Pi-hole and set it as an upstream server on the primary Pi-hole.
This is also important that Pi-hole be the only DNS server.
This is, of course, entirely up to the user, but for full ad blocking power, you will probably want to set it as the only DNS server.
Sure, but my router is a requirement for many reasons including the hardware firewall. If pihole goes down it would be nice to fail open since it's just blocking within my local lan. If it goes down while I'm at home no biggie. However, if it breaks while I'm away that's a problem.
My router has been rock solid, and with time pihole will prove its own reliability.
I suspect I'm worrying about a non-issue, but if there was an easy solution to handle this situation then great. It sounds like there isn't.
Unfortunately it appears my router forces itself as the secondary. Oddly enough, it appears the add blocking is working just fine.
It's always good to be cautious and you're certainly not the first to wonder or worry about what happens if Pi-hole dies and is the only DNS server available. Because without it, your Internet (as you know it) would stop working!
I'm not sure if you know this or not, but many routers actually use dnsmasq to provide DHCP and DNS services, which is really no different then us; we have some additional software built on top of it--including our Web interface--but the actual reliability of DNS resolution will be comparable to that of a home router since they are both using dnsmasq.
It may not happen with every router--it's just something we have seen, which is why we mention it.