Running two Piholes?

So, what would happen if you ran two Piholes on your network? I think DNS is load balancing so having two DNS servers makes sense (if that's true), but would they conflict with each other? Would it be an admin pain in the arse to keep tuned up?

Most networks have at least two DNS servers available for redundancy.
That's why the clients can be configured with one, two or more DNS servers for resolution.
As the blacklists are updated automatically, I don't see any extra burden.

I might have to give this a go.
My Router (ASUS RT-AC1900P) only lists one DNS server in its DHCP settings. Its WAN settings have two DNS server entries.
Currently, I have the Pihole listed as the DNS server in the DHCP setup and the OpenNIC Public Servers listed in the WAN setup. The one Pihole I have (at the moment) on my network has the Google DNS servers as its upstream providers. My clients have the Pihole (x.x.99.252) and the Router (x.x.99.254) listed as their DNS servers.

I'm trying to wrap my head around what DNS servers I put where in the setup. Would I put pihole 1 and 2 in as the WAN DNS servers? Should I leave those alone, and try and figure out if my router's DHCP settings will allow me to put two IP addresses in the DNS server box of the DHCP setup?

Other questions come up: Can I have just one interface to see what's happening on both Piholes (when set up)?
Can the Pihole DNS services support Local CNAMES and A records?
Am I just making my home network too complex?

This will cause ads to leak through as the clients will also ask the router for resolution which is not blocking ads.

If you do this, you create a single point of failure again, namely your router's DNS service, and you won't be able to see proper stats.

From experience, I know this is not possible with my own Asus router (RT-N66U).
But you can try as this is preferred/recommended.
I am using the DHCP service provided by Pi-Hole instead of the one from my Asus router.
But this complicates matters if you want to have DHCP redundant too.

Yes to all three.

Thanks for the input!

I didn't have good luck using the Pihole's DHCP server. I had a few devices that didn't get IP addresses.

Please point me towards details on a single interface for two Piholes, and how to add A records to the Pihole DNS server.

Thanks again

I wonder if you have the same issue as I experienced with Asus.
If using the router for DHCP, can you post the results from the command below on a Linux client please:

cat /etc/resolv.conf

Or if on a Windows client:

ipconfig /all

*For the latter, I am only interested in the DNS server(s) displayed.

I don't have details, you'll need to figure it out yourself as probably no one has tried before.
It's Linux so almost everything you can think of is possible if using the right software and a bit of scripting.
One solution I can think of is installing cluster software with a virtual IP address (the single interface) that can failover from one Pi/system/node to the other.
This does mean that only one Pi will be active in the cluster.
For proper stats, this also means you need some kind of cluster aware shared storage, like for example a NAS, for storing logs and the black/white-lists.
And you'll need to cluster at least the dnsmasq daemon and the cron jobs running for Pi-hole.
And if you want it to be truly redundant, the shared storage needs to be mirrored or distributed as well, so you need two NAS units or similar storage.
You asked complicated :wink:

If you create a file in the "/etc/dnsmasq.d/" folder, like for example "20-records.conf",
you can add your personal DNS records to this file like for example (from the man page):

cname=<cname>,[<cname>,]<target>[,<TTL>]

Or for text:

txt-record=<name>,<text>

Check the dnsmasq man page for other types like for example mail:

mx-host=<mx name>[[,<hostname>],<preference>]

P.S. I believe when you add records, dnsmasq needs to reload, e.g.:

sudo service dnsmasq reload
sudo service dnsmasq restart


Oops forgot A or AAAA records ... from the man page:

host-record=<name>[,<name>....],[<IPv4-address>],[<IPv6-address>][,<TTL>]

Here's my IPCONFIG:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : WorkLaptop
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : DSO-Home

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : DSO-Home
   Description . . . . . . . . . . . : Lenovo USB Ethernet
   Physical Address. . . . . . . . . : 00-50-B6-69-54-6F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bd4c:5b7d:829e:7527%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.99.112(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, July 1, 2017 11:38:25 PM
   Lease Expires . . . . . . . . . . : Tuesday, July 4, 2017 9:53:59 AM
   Default Gateway . . . . . . . . . : 192.168.99.254
   DHCP Server . . . . . . . . . . . : 192.168.99.254
   DHCPv6 IAID . . . . . . . . . . . : 50352310
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-CF-98-C5-38-B1-DB-E1-F8-DB
   DNS Servers . . . . . . . . . . . : 192.168.99.254
   Primary WINS Server . . . . . . . : 192.168.99.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : DSO-Home
   Description . . . . . . . . . . . : Broadcom 802.11ac Network Adapter
   Physical Address. . . . . . . . . : 38-B1-DB-E1-F8-DB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 3A-B1-DB-E1-F8-DB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 13:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #3
   Physical Address. . . . . . . . . : 3A-B1-DB-E1-F0-DB
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b930:c7d8:4a61:cfc8%18(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.137.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 440054235
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-CF-98-C5-38-B1-DB-E1-F8-DB
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2095:1e67:bc42:8fcf(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2095:1e67:bc42:8fcf%14(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 218103808
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-CF-98-C5-38-B1-DB-E1-F8-DB
   NetBIOS over Tcpip. . . . . . . . : Disabled

Here is my current setup and notes on running two Pi-holes (set up the way I have it):

Comcast Gateway(set to bridge mode) > Wired to ASUS AC-1900P (Doing all the Router services: DHCP, WiFi, and stuff) > Wireless clients and Wired into 24 port dumb switch. Two Raspberry Pi Zero W's providing DNS to the Router (They're set up in the WAN settings as the upstream DNS servers)

Pros: Very few ads get through. No need to mess with the DHCP settings in the router.

Cons: No single admin interface to the Pi-holes (I might be able to figure out how to get this working, but not at the moment). The Pi-holes don't know which devices are asking for what on the internet, they only see the DNS requests from the router. If the Pi-holes fail I lose DNS and therefore internet service (that's a small chance I know).

Ways I think my setup would be better (if I knew how):
Single interface to the Piholes
Passing of client DNS requests (with client information) to the Pi-holes so I knew which device was asking for what internet address.
A GUI or web interface to (slightly) more advanced DNS services like A records and CNAMES.

Thoughts: Do home networks REALLY need redundancy? What about home offices? No, I don't think that the costs for true redundancy are needed or warranted in a home office or home network.
The Pi Zero W makes a great platform for Pi-hole. Bigger more powerful devices are overkill if Pi-hole is all you're running. BUT on the same hand, wireless DNS is not as reliable as a physical connection.

Doesn't look like you have Pi-hole configured for DNS resolution but still have your router doing that:

I experienced that whatever I put in the field "DNS Server" on the "LAN-->DHCP server" page,
the router would always push its own DNS service to the clients too.
So the clients would receive two DNS servers, one being Pi-hole and the other being the router IP, causing ads to still leak through.

For proper stats, the clients would need to use the Pi-hole IP address for DNS resolution instead of your router IP.

If you want everything redundant there is a lot you need to do, like for example have two upstream internet connections (two routers).
And all systems that provide services like for example DNS would need two network interfaces, two power supplies, multiple UPS units plus two switches, for redundancy.
It's just how far will you go.

I wonder if you can bond two Pi's to create a semi single interface.
But your switch needs to be able to support LACP.

I have two Pis running DNS service for my network for redundancy. So even if one of them breaks, the other will still ensure that name resolution will still work properly.

I have a third device as DHCP server with no redundancy, which passes both IP addresses to the clients.

If the DHCP server fails, there will be no backup. I'm fine with that because it will only cause problems when (re-)adding new devices to the network. Devices which already have valid IP settings wouldn't be affected (immediately). If, however, the DNS server fails, all devices lose name resolution capability leading to a failure on all devices.


My experience running two Pi-holes so far

So I have been running two Pi-holes for about a week now and it's been mostly GREAT!
Here's my setup:
Comcast Business Internet > Comcast leased Cisco gateway > Asus RT-AC1900P WiFi router (DHCP, DNS, Firewall, Simple routing functions (2 port forwards) and WiFi) > ~35 wired and wireless devices.
I have two Pi Zero W's running Jessie Lite and Pi-hole on them.
The IP Map:
Cisco Gateway = unknown (running in bridge mode so I don't see its IP address)
RT-AC1900P WAN = 67.189.x.x
RT-AC1900P LAN = 192.168.99.254
Pi-hole 1 = 192.168.99.252 (added in the router's WAN DNS server 1)
Pi-hole 2 = 192.168.99.251 (added in the router's WAN DNS server 2)
I know, the Pi-holes are backward. I had a managed switch on x.x.x.251 for years, so I set up x.x.x.252 first :wink:
DHCP = IP's x192.168.99.10-200, 255.255.255.0, GW192.168.99.254, DNS192.168.99.254 and WINS192.168.99.254
With my set up, I can only assign one DNS server to the DHCP clients from my router.

Now the only problem (for me) is that the Pi-holes don't see the network devices due to the setup and all my dashboard shows are the RT-AC1900P's IP address.
In a better world, I would be able to assign both the Pi-holes as the DNS servers in DHCP, but the router doesn't support that. If I were to add .252 as the DNS server, the router makes itself the other DNS server.

So in summary, the Pi-hole is a wonderful package that helps to keep the ads out and keeps my browsing speed nice and quick. I HIGHLY recommend the Pi-hole to anyone who will listen.


Thanks for sharing. It's interesting to learn about people's setup. This feature request may also be of interest to you:

Thank you! :heart: