Secondary DNS Server for DHCP

Most operating systems implement them as alternatives, not as fallbacks, i.e. they will query either server from time to time, so it is quite likely that you will lose your Pi-hole filtering capabilities (at least partially). That is why we have never implemented this.

This is a problem because my router requires a secondary DNS server; it's not "optional", and it cannot be the same IP as the primary DNS server.

2 Likes

Can you explain what this is doing? Thanks

Sure.

So the

dhcp-option=6,Pi-holeIP,SecondaryDNSIP

Would look like this:
dhcp-option=6,192.168.1.2,8.8.8.8

Assuming pi has 192.168.1.2 ip. Replace with what you have.

8.8.8.8 is the Google DNS.

So if you use your Pi as DHCP server, it will push those IPs as primary and secondary DNS servers.

1 Like

Will this work?
Creating file /etc/dnsmasq.d/05-custom.conf

# DNS
dhcp-option=6,10.0.0.1,10.0.0.2
# NTP Server
dhcp-option=42,10.0.0.1

I have two Pi-holes running here, setup was no problem and putting both in the router's DHCP was simple.

Clients seem to pick one or the other and change from time to time with no issues, they seem to be roughly split between Pis. If I power one down all clients migrate to the one still up. Plug the other back in and after a couple days the clients are once again roughly split between them.

I'm sorry but that is one of the most short-sighted things I've seen in the last ... 20 years! So according to what you say it is better to paralyze DNS resolving in the whole network rather than, in case of a "server down" situation, just let ads through for the time needed for a fix. And I'm not even talking about a second Pi-hole for redundancy (which is naturally the first thought - or at least should be); like someone said, there are situations where you are forced to give a second DNS, which makes Pi-hole useless because, like you said yourself, there are no fallbacks but alternatives! A second DNS should not be just a feature for voting - it just MUST be there!!!

It's not a Pi-hole issue. Operating systems do not use primary and secondary DNS, there is no such thing as fallback. All DNS servers configured in a client will be used.

1 Like

In the situation of the router requiring a second DNS entry, there are several potential solutions. Enter the same DNS twice, enter an inactive IP from your LAN range as the second DNS, enter 0.0.0.0 as a DNS. In cases where users have not been able to make any of those options work, using Pi-Hole as DHCP can be a solution. If all of that fails and the router is not configurable (as is sometimes the case with an ISP-supplied router) users have added their own router and put the ISP router in bridge mode or on a different SSID.

Adding to the point mentioned above: if all of the mentioned methods fail (for whatever reason) and you don't have a second Pi-hole for redundancy, you can also simply assign an additional IP address to the same physical network adapter. Creating a virtual network interface in Linux is quite a simple matter and can even be done in a one-liner, e.g.,

sudo ifconfig eth0:0 192.168.0.11

You can make the change permanent by adding something like this to your /etc/network/interfaces:

iface eth0:0 inet static
address 192.168.0.11
# netmask must match the broadcast address below (a /24, not /8)
netmask 255.255.255.0
broadcast 192.168.0.255

2 Likes

You clearly didn't read my post with understanding - I know it's NOT fallback! The issue is that almost all DHCP servers give you an option for an alternative DNS, or more, which is absolutely useful in case one is down! But for some reason yours doesn't have such a basic option that can be set in a simple way.
@jfb "enter an inactive IP" buahahahaha now that's useful advice. It will do the same: DNS resolving will be dead if the server is down!
I'm in charge of network which for technical reasons often must be separated in two different ones. My plan is to make one pihole in each of them, on both will run DHCP with exactly the same static leases which makes them redundant, to be perfect dhcps should give clients lease with both DNS.

There are more useless options included in Pi-hole... it's just so stupid to argue about something which is everywhere and is so obvious.

1 Like

I wish you the best of luck then.

The reason is that many users don't have a second Pi-hole. If we showed them a box to enter another DNS server, most wouldn't know how to handle it. It is likely that such a feature would cause more harm than anything else. I'm not talking about you; however, the typical user might be touching networking for the first time at all when they install Pi-hole, so this is a valid issue.

This is very possible with Pi-hole, however, for the reasons I mentioned above, is not directly available on the web interface.

Create a file /etc/dnsmasq.d/99-second-DNS.conf and enter

dhcp-option=option:dns-server,192.168.0.2,192.168.0.3

(replace the IPs by the local Pi-hole's and the alternative one's). Restart pihole-FTL with sudo pihole restartdns to have it re-read the config files.

Devices that offer this are typically not DNS servers themselves. Routers, for instance, either allow you to set two DNS servers they distribute (the clients will use those DNS servers directly, not ask the router) or use these addresses as their own upstream configuration (in this case clients will only receive the router's IP address as a single DNS server address).
Our DHCP server has never been meant to be a solution that can support more than very basic network topologies. It is meant to be useful for those who cannot change the DNS servers on their ISP-provided routers to have an easy alternative. We still offer a lot of functionality and power, however, most of it is not exposed to keep the interface simple.
We are still here to assist anyone to get the configuration they'd like to set up. And -- often enough -- it turns out that users can achieve what they want with something much simpler than they initially envisaged (this is not the case for you; however, it is still what we see most of the time).

6 Likes

Would it be so painful to put that in, not as just another DNS box but as an "expert" option with some simple description and a HUGE RED WARNING?!?! Why do I have to take such a stupid detour to utilize an option which is so basic, to get all the juice out of this really great piece of code? Anyway, thanks for being patient, I know I may be annoying.

Your solution provided is perfectly simple enough and has enabled me to have a secondary DNS server assigned via DHCP. Your description of why this is not a UI driven option is perfectly in line with the idea of pi-hole.

pi-hole is primarily a DNS server that has some DHCP services attached, it is not a DHCP/DNS solution.

Thank you, I was a bit confused as my modem asked for a secondary DNS - didn't put it in (after reading this) and it filled it in for me (assuming it is a blank fill-in). Everything works very well - thanks again - so far blocking all ads :smiley: Update - found an ad, so I put the same DNS in for the primary and the secondary - seems to work so far (and it let me do it)...... fingers crossed

1 Like

As it's quite crucial: you mean '"secondary" DNS servers', right?

I think this thread got confused - the accepted solution answers the question I was looking to solve and the one the OP was actually asking I think. I followed the accepted solution with a minor tweak.. dnsmasq will interpret 0.0.0.0 to mean "the address that dnsmasq is running on" (i.e. the address of the pi-hole). So I have the following:

pi@pi-hole:~ $ cat /etc/dnsmasq.d/10-custom-dns-override-dhcp.conf
dhcp-option=6,0.0.0.0,208.67.220.220

with the second address being one of the OpenDNS servers. This works for me and now DHCP clients are configured with the pi-hole's IP address and the OpenDNS server as their two resolvers, where before they were receiving 8.8.8.8 as the second resolver IP which I guess is hard coded.

My question for the developers then is, why is this not the default? I have already selected OpenDNS as my upstream servers in the pi-hole web config, but I have had to make this modification to get all DHCP clients to use OpenDNS if pi-hole is temporarily unavailable. I do not want machines on my network to use the Google DNS resolver, ever.

Feels like it should be simple enough to change the default behaviour to take account of the configured upstream DNS preference in the DHCP client resolver option.

1 Like

By distributing a secondary DNS server (that is not also running Pi-hole) to your client via DHCP, the choice of a DNS server happens at your client's discretion.

It is perfectly valid and to be expected that clients will bypass Pi-hole in such a scenario.

See also Why should Pi-hole be my only DNS server?
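The thread shows several spellings of the same dnsmasq line (`dhcp-option=6,...`, `dhcp-option=option:dns-server,...`, the `0.0.0.0` shorthand, and one attempt with a space instead of a comma). The following Python script, added here as an example and not part of Pi-hole or dnsmasq, parses such lines, expands `0.0.0.0` to the Pi-hole's own address the way dnsmasq does, rejects malformed address lists, and lists every advertised resolver that is not a Pi-hole (any such entry means clients can bypass filtering at their own discretion, as the reply above explains). The config text and the Pi-hole address 192.168.1.2 are constructed sample values.

```python
"""Check which DNS servers a dnsmasq/Pi-hole DHCP config hands to clients.

Added example for this thread; not Pi-hole's or dnsmasq's own code.
Sample config text and the Pi-hole address used below are constructed.
"""
import ipaddress
import re

# dnsmasq accepts either the numeric option or its symbolic name.
DNS_OPTION_NAMES = {"6", "option:dns-server"}
# dhcp-option=[tag:<tag>,]<option>,<value>[,<value>...]
_LINE_RE = re.compile(r"^dhcp-option=(?:tag:[^,]+,)?([^,]+),(.*)$")


def parse_dns_option(line, local_ip):
    """Return the resolver IPs one `dhcp-option` line advertises.

    Returns None for blank lines, comments and non-DNS options.
    Raises ValueError for a malformed DNS-server option (for example two
    addresses separated by a space, which dnsmasq rejects at startup).
    dnsmasq treats 0.0.0.0 as "the address dnsmasq itself serves on", so
    it is replaced by local_ip here.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    m = _LINE_RE.match(stripped)
    if not m:
        return None
    name, values = m.group(1), m.group(2)
    if name not in DNS_OPTION_NAMES:
        return None
    servers = []
    for tok in values.split(","):
        tok = tok.strip()
        try:
            addr = ipaddress.ip_address(tok)
        except ValueError as exc:
            raise ValueError(f"bad DNS-server address {tok!r} in {stripped!r}") from exc
        servers.append(local_ip if str(addr) == "0.0.0.0" else str(addr))
    return servers


def advertised_resolvers(config_text, local_ip):
    """All resolvers advertised by every DNS-server option in the config."""
    found = []
    for line in config_text.splitlines():
        servers = parse_dns_option(line, local_ip)
        if servers:
            found.extend(servers)
    return found


def non_pihole_resolvers(config_text, local_ip, pihole_ips):
    """Advertised resolvers that are not a Pi-hole: clients may use these
    instead of Pi-hole whenever they like, so filtering is not guaranteed."""
    pihole = set(pihole_ips)
    return [s for s in advertised_resolvers(config_text, local_ip) if s not in pihole]


def config_errors(config_text, local_ip="0.0.0.0"):
    """Human-readable errors for lines dnsmasq would refuse to load."""
    errors = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        try:
            parse_dns_option(line, local_ip)
        except ValueError as exc:
            errors.append(f"line {number}: {exc}")
    return errors


# Constructed sample, modelled on the lines posted in this thread.
SAMPLE_CONFIG = """\
# DNS: Pi-hole itself (0.0.0.0) plus one external resolver
dhcp-option=6,0.0.0.0,208.67.220.220
# NTP server, not a DNS option
dhcp-option=42,10.0.0.1
"""
# Constructed: the space-separated variant that dnsmasq will not accept.
BROKEN_CONFIG = "dhcp-option=6,10.0.0.1 10.0.0.2\n"

if __name__ == "__main__":
    PIHOLE_IP = "192.168.1.2"  # assumed address of the Pi-hole
    print("advertised:", advertised_resolvers(SAMPLE_CONFIG, PIHOLE_IP))
    print("bypassing Pi-hole:", non_pihole_resolvers(SAMPLE_CONFIG, PIHOLE_IP, [PIHOLE_IP]))
    print("errors in broken config:", config_errors(BROKEN_CONFIG))
```

Run it against your own `/etc/dnsmasq.d/*.conf` contents to see exactly which resolvers DHCP clients will receive; an empty `non_pihole_resolvers` list is the only configuration in which every client query is guaranteed to pass through Pi-hole.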

Understood, and thanks for the link too. I'd thought originally that pi-hole was sending the 8.8.8.8 as a second resolver address in the DHCP response, but after testing further, it isn't, the client was setting it itself because only one was received from the pi-hole. This makes more sense now.

This is a great discussion!

I have a two pi-hole setup, each pi-hole configured with reserved/static addresses for my known devices, each serving DHCP (on non-overlapping ranges), and each using 8.8.8.8/8.8.4.4 as the upstream DNS.

Router has dhcp disabled.

If one pihole goes down, I believe that each device will get its next IP lease from the 'still up' pi-hole - as there are the two dhcp servers on the network. However, until the new IP lease, I'm guessing there'll be no DNS resolution? (Lease renewal is 1hr.)

I believe I should edit 02-pihole-dhcp.conf, as at the top of this thread, so that if one pi-hole goes down, devices can receive DNS from the second pi-hole BEFORE they receive their new IP lease from the second pi-hole. Is this correct?

And lastly, my 02-pihole-dhcp.conf states 'ANY CHANGES MADE TO THIS FILE WILL BE LOST IN CHANGE'...