Secondary DNS entry on DrayTek router DHCP question?

I have a DrayTek 2860 router which I use as my DHCP Server and so when I set up Pi-hole on my RPi I edited the Primary & Secondary DNS Server entries in the router away from Google 8.8.8.8 and 8.8.4.4 to point at the static IP address on my RPi.

All good so far but here come the questions:

  1. Should I enter a Google DNS entry of 8.8.8.8 for example into the Secondary DNS entry in the router DHCP which is now blank? Would this be a failsafe of sorts where if the Pi failed for whatever reason my network doesn't grind to a halt because the only DNS entry would point towards the failed RPi? Or does it not work like this?

  2. I have two WAN connections to my router. One uses its own cable modem connected to the router's WAN2 Ethernet port while the second uses the built-in WAN1 VDSL modem.
    After altering the DNS in the router I expected to see the original 8.8.8.8 and 8.8.4.4 in the client's DHCP replaced with the static IP address of my RPi as Primary DNS with the Secondary DNS field blank. However there was an unrecognised Secondary DNS entry in there! When I looked it up I found it was the DNS server for my second ISP that it was pulling from somewhere? Now I don't know where to look or how to modify this to reflect a different DNS server so related to my first question if I entered 8.8.8.8 into the router's DHCP Server DNS entry would the DHCP Client pull this down and replace the unwanted DNS entry?

I hope this makes sense and I guess the quickest way would be to give it a try but I've already had one shock for the night when 30 seconds after Pi-hole kicked in for the first time ever my whole network went down. No connection, all WAPS out so no wi-fi and could not even reach my router via ethernet cable! Turned out to be the UPS that powers the router, switch and in turn WAPS etc had decided to switch off at that exact time making me think it was Pi-hole related!

I've had enough stress for one night...

Thanks & kind regards,
-=Glyn=-

Well I've partly answered my own question here.

I've just entered 8.8.8.8 in the router's DHCP Server Secondary DNS and it has replaced the unwanted Secondary DNS that crept in from somewhere but it would be good to know that:

a. This is the proper way to do things

b. It will work as expected i.e. if the RPi goes down for whatever reason my network will still have Internet access using the Google DNS of 8.8.8.8

Once again I could prove this by taking the RPi down temporarily but I couldn't handle any more drama this time of night...:grimacing:

Thanks & kind regards,
-=Glyn=-

Hi Glyn,

It does not work as expected. If you announce two DNS servers via DHCP the clients choose which DNS server they want to use based on their developer's algorithm. Usually the "second" DNS server is not used as a fail-over but on a regular basis. This means clients can circumvent pihole if you let them choose from multiple DNS servers.

To avoid this, you could install a second pihole.

Thanks for the reply yubiuser even if it wasn’t what I wanted to hear! :stuck_out_tongue_winking_eye:

I read through some of the documentation and it confirmed what you said.

Problem is if I remove the Google DNS I put into the DHCP Server DNS it will automatically get replaced with my other ISP DNS Server which it is pulling from somewhere so I might leave it as is for the moment while I contact DrayTek to find out where from and how to remove it.

It’s taken me a year to get round to installing Pi-hole on the Raspberry Pi 4B I purchased last October with the sole intention of running this package.

The prospect of a second instance of Pi-hole does not fill me with joy. Maybe when I get more used to how it all works and get some history I might change my mind.

Thanks & kind regards,
-=Glyn=-

On my Draytek 2860 I simply put the pihole IP as both the pri & sec DNS entries. This prevents the ISP supplied WAN DNS being announced via DHCP.

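An added example, not written by any poster in this thread: a small audit of the resolver list a DHCP client ended up with, flagging every announced DNS server that is not the Pi-hole and could therefore answer queries unfiltered. The Pi-hole address 192.168.1.2 and both sample `resolv.conf` texts are constructed for illustration.

```python
import ipaddress


def announced_resolvers(resolv_conf_text):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    found = []
    for raw in resolv_conf_text.splitlines():
        # Drop '#' and ';' comments, whether whole-line or trailing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # strip an IPv6 zone id
            try:
                found.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # not an IP address, ignore the line
    return found


def audit(resolv_conf_text, pihole_addrs):
    """Report which announced resolvers would let a client skip Pi-hole."""
    trusted = {ipaddress.ip_address(a) for a in pihole_addrs}
    resolvers = announced_resolvers(resolv_conf_text)
    bypass = []
    for r in resolvers:
        if r not in trusted and str(r) not in bypass:
            bypass.append(str(r))
    return {
        "resolvers": [str(r) for r in resolvers],
        "bypass": bypass,
        # True only when at least one resolver is set and all are Pi-hole.
        "filtered_only": bool(resolvers) and not bypass,
    }


# Constructed sample: Pi-hole as primary, public resolver as secondary.
MIXED = "# via DHCP\nnameserver 192.168.1.2\nnameserver 8.8.8.8\n"
# Constructed sample: the Pi-hole address entered in both DHCP fields.
BOTH_PIHOLE = "nameserver 192.168.1.2\nnameserver 192.168.1.2\n"

if __name__ == "__main__":
    for name, text in (("mixed", MIXED), ("both Pi-hole", BOTH_PIHOLE)):
        print(name, audit(text, ["192.168.1.2"]))
```

On hosts that run a local stub resolver, `/etc/resolv.conf` lists only the stub address (for example 127.0.0.53 with systemd-resolved), so pass the upstream server list to `audit` instead.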

That's so simple Chris it's brilliant!

I did that yesterday just to get rid of that phantom DNS Server being pulled in as it was messing with my Chi :laughing:

I am guessing there is no easy way to at least build in a modicum of redundancy/failover in the event that the Pi falls over and I lose all Internet access?

I have designed my network to have some sense of redundancy, UPS feeding router, main switch and in turn 3 WAPS & Raspberry Pi via PoE from that same switch, two different ISPs on a dual-WAN as failover etc.

I guess it wouldn't take much to log in to the router and change the DNS Servers back and of course if I lost the router I lose everything anyway but even then I do have an old 2820 that I kept up to date as much as possible with configs so I could just swap them out if it ever came to it.

Total overkill I know but then again I've had more time on my hands this year than any other year... :crazy_face:

Thanks again & regards,
-=Glyn=-

TBH I was initially worried about reliability, so for a while I ran dual Pis as Pri & Sec DNS servers (a Pi2 & a Pi3) - but then this really just introduced another point of failure, stressed the single power supply more and needed another LAN port on my already complex network.
Now just running a single Pi3 and it has been incredibly reliable (famous last words...!). Must be over 3 years now without any issues.
My DR strategy is to spin up a Debian VM on which I have pre-installed Pi-Hole - though TBH it's probably easier just to flip the Draytek DNS back to Cloudflare/Google or whatever.
Regards,
Chris

Yeah I figured I was overthinking it Chris.

AFAIK my Pi has been up 100% of the time apart from when I updated the packages but then again it has just sat there doing nothing for 12 months!

Finally I am using it for the purpose I originally intended and it seems to be doing a fine job (famous last words!)

Thanks again.

Kind regards,
-=Glyn=-
