I have asked a similar question before but am still a little confused by a Secondary DNS question.
I am running Pi-hole on a Model 4B and using my router as the DHCP Server and all seems to be working as far as I can tell.
It was easy to point the Primary DNS at the Pi on my DrayTek router unlike others I have struggled with such as Sky & BT.
However I left the Secondary DNS blank as I only have the single Pi but notice when I look at the DNS Server on the clients that although the Primary is pointed at the Pi as expected the Secondary is magically picking up one of my two ISP DNS Servers from the router somewhere although as I said above the Secondary field is blank.
Now I have read other articles on this where it seems to me that this is usually best left blank but I don’t want an unfiltered ISP Secondary DNS handling some queries as I understand the Primary is not what it sounds like and any device could call either DNS Server at any time.
So could I input a second instance of the Pi-hole IP address in the Secondary DNS Server field also to make both fields the same which I also understand can cause issues in some instances?
If this is not preferred and as I said above I do not want to leave DNS unfiltered would it be possible to put the router's IP address as the Secondary DNS?
Hopefully this might then pass on the configured Pi-hole IP address and all is well but on the other hand I am fearful of generating a round-robin type of loop or something.
I have just tried putting in the router IP as Secondary DNS and those clients that used to show my ISP DNS when it was left blank are now showing the router IP so that at least seems to hand off correctly but I wanted to make sure this won’t cause any issues.
This is pure personal opinion and it might not be right.
Instead of pointing the secondary DNS to the router, I would repeat the Pi-Hole IP Address.
By pointing to the router, if it gets a Google DNS for example for some supernatural reason, you won't know.
Forcing Pi-Hole DNS, there's no "escape". But again, this is how I would do it.
Keep in mind though that this is an ugly way to solve the problem.
What I suggest and I'm actually setting up, is to have 2x Pi-Hole even if you have a small network.
That not just gives you 2x DNS, it also allows you to play/update/change one while the other keeps the network up.
Currently, I only have one and while playing with Pi-Hole my whole home network goes down.
Thanks for the replies guys. As you both seem to concur, I have replaced the router IP with a second occurrence of the Pi-hole and after rebooting the client I see that the Pi-hole is listed as both primary & secondary so it appears that my DrayTek router seems happy with this.
I did notice that the IP address of the router was listed as the top permitted domain by a long shot with over 23k hits but that could already have been happening?
I'll see how it goes...thanks again.
I do have a spare Pi that I could press-gang into service as a second Pi-hole if I have no alternative but I would rather keep it simple with just the one although I do like the peace of mind that a failover Pi-hole would provide.
Is there a way to combine both Pis into one interface or is that asking too much?
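
The client-side check described in this thread (looking at which DNS servers a client actually received) can be scripted. The following is an added example, not code from any poster or from the Pi-hole project; it assumes a Linux/Unix client with a resolv.conf-style file, and the addresses `192.168.1.2` (Pi-hole), `203.0.113.53` (ISP resolver) and `fe80::1` are constructed sample values.

```python
import ipaddress

MAXNS = 3  # glibc's stub resolver only uses the first three nameserver lines

def audit_resolvers(resolv_conf, filtered):
    """Classify nameservers found in resolv.conf-style text.

    filtered: iterable of resolver addresses that apply blocking (the Pi-hole).
    Returns the servers the client will use, which of those bypass filtering,
    and any extra entries the stub resolver ignores.
    """
    allowed = {ipaddress.ip_address(a) for a in filtered}
    servers = []
    for line in resolv_conf.splitlines():
        # Drop comments, which start with '#' or ';'
        line = line.split("#", 1)[0].split(";", 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Strip an IPv6 zone id such as "%eth0" before parsing
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                continue  # malformed address: the resolver would skip it too
    effective = servers[:MAXNS]
    return {
        "effective": [str(s) for s in effective],
        "unfiltered": [str(s) for s in effective if s not in allowed],
        "ignored": [str(s) for s in servers[MAXNS:]],
    }

PIHOLE = "192.168.1.2"  # constructed sample address

# Constructed sample: Secondary DNS left blank on the router, so the client
# also received an ISP resolver and an IPv6 resolver advertised by the router.
SAMPLE_BEFORE = """\
# constructed sample
nameserver 192.168.1.2
nameserver 203.0.113.53
nameserver fe80::1%eth0
"""

# Constructed sample: Pi-hole entered as both Primary and Secondary.
SAMPLE_AFTER = "nameserver 192.168.1.2\nnameserver 192.168.1.2\n"

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit_resolvers(text, [PIHOLE]))
```

On a real client, pass the contents of `/etc/resolv.conf`; on hosts running systemd-resolved that file lists only the local stub, so read `/run/systemd/resolve/resolv.conf` instead.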