Secondary DNS Server for DHCP

In the situation of the router requiring a second DNS entry, there are several potential solutions. Enter the same DNS twice, enter an inactive IP from your LAN range as the second DNS, enter 0.0.0.0 as a DNS. In cases where users have not been able to make any of those options work, using Pi-Hole as DHCP can be a solution. If all of that fails and the router is not configurable (as is sometimes the case with an ISP-supplied router) users have added their own router and put the ISP router in bridge mode or on a different SSID.

Adding to the point mentioned above: If all of the mentioned methods fail (for whatever reason) and you don't have a second Pi-hole for redundancy, you can also simply assign an additional IP address to the same physical network adapter. The process of creating a virtual network interface in Linux is a quite simple matter and can even be done in a one-liner, e.g.,

sudo ifconfig eth0:0 192.168.0.11

You can make the change permanent by adding something like this to your /etc/network/interfaces:

iface eth0:0 inet static
address 192.168.0.11
netmask 255.0.0.0
broadcast 192.168.0.255

You clearly didn't read my post with understanding - I know it's NOT fallback! The issue is that almost all DHCP servers give you an option for an alternative DNS, or more, which is absolutely useful in case one is down! But for some reason yours doesn't have such a basic option in a simple way to be set.
@jfb "enter an inactive IP" buahahahaha now that's useful advice. It will do the same, DNS resolving will be dead if the server is down!
I'm in charge of a network which for technical reasons often must be separated into two different ones. My plan is to make one Pi-hole in each of them; on both will run DHCP with exactly the same static leases, which makes them redundant. To be perfect, the DHCPs should give clients a lease with both DNS.

There are more useless options included in Pi-hole... it's just so stupid to argue about something which is everywhere and it's so obvious.


I wish you the best of luck then.

This reason is that many users don't have a second Pi-hole. If we'd show them a box to enter another DNS server, most wouldn't know how to handle it. It is likely that such a feature would cause more harm than anything else. I'm not talking about you, however, the typical user might be touching networking the first time at all when they install Pi-hole so this a valid issue.

This is very possible with Pi-hole, however, for the reasons I mentioned above, is not directly available on the web interface.

Create a file /etc/dnsmasq.d/99-second-DNS.conf and enter

dhcp-option=option:dns-server,192.168.0.2,192.168.0.3

(replace the IPs by the local Pi-hole's and the alternative one's). Restart pihole-FTL with sudo pihole restartdns to have it re-read the config files.

Devices that offer this are typically not DNS servers themselves. Routers, for instance, either allow you to set two DNS servers they distribute (the clients will use those DNS servers directly, not ask the router) or use these addresses as their own upstream configuration (in this case clients will only receive the router's IP address as a single DNS server address).
Our DHCP server has never been meant to be a solution that can support more than very basic network topologies. It is meant to be useful for those who cannot change the DNS servers on their ISP-provided routers to have an easy alternative. We still offer a lot of functionality and power, however, most of it is not exposed to keep the interface simple.
We are still here to assist anyone to get the configuration they'd like to set up. And -- often enough -- it turns out that users can achieve what they want with something much simpler than they initially envisaged (This is not the case for you, however, it is still what we see most of the time).


Would it be so painful to put that in not as just another DNS box but an "expert" option with some simple description and HUGE RED WARNING?!?! Why do I have to take such a stupid detour to utilize an option which is so basic, to get all the juice out of this really great piece of code? Anyway thx for being patient, I know I may be annoying.

Your solution provided is perfectly simple enough and has enabled me to have a secondary DNS server assigned via DHCP. Your description of why this is not a UI driven option is perfectly in line with the idea of pi-hole.

pi-hole is primarily a DNS server that has some DHCP services attached, it is not a DHCP/DNS solution.

thank you, was a bit confused as my modem asked for a secondary DNS - didn't put it in (after reading this) and it filled it in for me (assuming it is a blank fill-in) everything works very well - thanks again - so far blocking all ads :smiley: update - found an ad so I put the same DNS in for the primary and the secondary - seems to work so far (and let me do it)...... fingers crossed


As it's quite crucial: you mean '"secondary" DNS servers', right?

I think this thread got confused - the accepted solution answers the question I was looking to solve and the one the OP was actually asking I think. I followed the accepted solution with a minor tweak.. dnsmasq will interpret 0.0.0.0 to mean "the address that dnsmasq is running on" (i.e. the address of the pi-hole). So I have the following:

pi@pi-hole:~ $ cat /etc/dnsmasq.d/10-custom-dns-override-dhcp.conf 
dhcp-option=6,0.0.0.0,208.67.220.220

with the second address being one of the OpenDNS servers. This works for me and now DHCP clients are configured with the pi-hole's IP address and the OpenDNS server as their two resolvers, where before they were receiving 8.8.8.8 as the second resolver IP which I guess is hard coded.

My question for the developers then is, why is this not the default? I have already selected OpenDNS as my upstream servers in the pi-hole web config, but I have had to make this modification to get all DHCP clients to use OpenDNS if pi-hole is temporarily unavailable. I do not want machines on my network to use the Google DNS resolver, ever.

Feels like it should be simple enough to change the default behaviour to take account of the configured upstream DNS preference in the DHCP client resolver option.

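An added shell example, not from this thread or from the Pi-hole project, that turns the accepted answer (a drop-in under /etc/dnsmasq.d carrying dhcp-option=option:dns-server,...) and the 0.0.0.0 variant from the post above into a small script: it validates the addresses (accepting 0.0.0.0, which dnsmasq replaces with its own address), builds the option line, and refuses to write the file when another file in the same directory already sets the DNS-server option, since a duplicate dhcp-option would make pihole-FTL fail to start. The file name 99-second-DNS.conf, the function names and the directory the demo writes to are assumptions; it runs on a constructed temporary directory rather than the live /etc/dnsmasq.d.

```shell
#!/bin/sh
# Added example (not from the thread): write a dnsmasq drop-in that hands out
# two DNS servers via DHCP, after checking that no other file in the same
# dnsmasq.d directory already sets that option. Assumptions: the file name and
# the directory passed in; the demo below uses a constructed temp dir.

# Return 0 if $1 is a dotted-quad IPv4 address. 0.0.0.0 is accepted on purpose:
# dnsmasq substitutes the address of the interface the request arrived on.
is_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# List files under $1 that already carry a DNS-server DHCP option, in either
# spelling dnsmasq accepts (numeric 6 or option:dns-server). Comments are skipped.
find_dns_option_conflicts() {
  grep -lE '^[[:space:]]*dhcp-option=(6|option:dns-server)[,[:space:]]' "$1"/*.conf 2>/dev/null
}

# Build the dhcp-option line for the given servers (first = this Pi-hole).
# Returns 1 on any malformed address or an empty list.
build_dns_option() {
  list=""
  for ip in "$@"; do
    is_ipv4 "$ip" || return 1
    list="${list:+$list,}$ip"
  done
  [ -n "$list" ] || return 1
  echo "dhcp-option=option:dns-server,$list"
}

# Write drop-in $2 under directory $1 unless a conflicting file already exists.
# Exit status: 0 written, 1 bad address, 2 conflict (nothing written).
write_dns_dropin() {
  dir=$1; name=$2; shift 2
  conflicts=$(find_dns_option_conflicts "$dir" || true)
  if [ -n "$conflicts" ]; then
    echo "refusing: dns-server option already set in: $conflicts" >&2
    return 2
  fi
  line=$(build_dns_option "$@") || { echo "bad address in: $*" >&2; return 1; }
  printf '# secondary DNS handed out by DHCP (first entry must be this Pi-hole)\n%s\n' \
    "$line" > "$dir/$name"
}

# Demo on a constructed directory, so nothing touches the live /etc/dnsmasq.d.
demo_dir=$(mktemp -d)
write_dns_dropin "$demo_dir" 99-second-DNS.conf 192.168.0.2 192.168.0.3 \
  && cat "$demo_dir/99-second-DNS.conf"
# A second drop-in must be refused: the first file now sets the option.
write_dns_dropin "$demo_dir" 98-dup.conf 0.0.0.0 208.67.220.220 \
  || echo "duplicate refused (exit $?)"
rm -rf "$demo_dir"
```

Pointed at the real directory, the conflict check is what the later replies in this thread warn about: a backup copy of the DHCP config left in /etc/dnsmasq.d, or a second file repeating the option, is reported before anything is written. After writing the file for real, pihole-FTL still has to re-read its configuration (sudo pihole restartdns, as the accepted answer says).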

By distributing a secondary DNS server (that is not also running Pi-hole) to your client via DHCP, the choice of a DNS server happens at your client's discretion.

It is perfectly valid and to be expected that clients will bypass Pi-hole in such a scenario.

See also Why should Pi-hole be my only DNS server?


Understood, and thanks for the link too. I'd thought originally that pi-hole was sending the 8.8.8.8 as a second resolver address in the DHCP response, but after testing further, it isn't, the client was setting it itself because only one was received from the pi-hole. This makes more sense now.

This is a great discussion!

I have a two pi-hole setup, each pi-hole configured with reserved/static addresses for my know devices, each serving dhcp (on non overlapping ranges), and each serving 8.8.8.8/8.8.4.4 as the upstream dns.

Router has dhcp disabled.

If one pihole goes down, I believe that each device will get its next IP lease from the 'still up' pi-hole - as there are the two dhcp servers on the network. However, until the new IP lease, I'm guessing there'll be no DNS resolution? (Lease renewal is 1hr.)

I believe I should edit 02-pihole-dhcp.conf, as at the top of this thread, so that if one pi-hole goes down, devices can receive DNS from the second pi-hole BEFORE they receive their new IP lease from the second pi-hole. Is this correct?

And lastly, my 02-pihole-dhcp.conf states 'ANY CHANGES MADE TO THIS FILE WILL BE LOST IN CHANGE'...

Don't do this. Make a new file in /etc/dnsmasq.d with the configuration lines.

Thanks for the quick reply.

SO, something like 06-pihole-custom.conf; and this new file will override any settings in 01-, 02-, 04-pihole...conf?


Yes

No. If you have conflicting settings this will cause errors.

This is exactly what I was looking for.
I don't think this should require SSHing into the server just to configure a second DNS server. Maybe when people start they don't see having a secondary DNS as appealing, but the first time they get no internet because their Raspberry Pi froze, or because the NAS where they are running Pi-hole is doing RAID scrubbing, they will start to think about having a secondary DNS server. This should be part of some kind of advanced section or something like that.


This looks really good, as I have 2 Pi-holes on my network and would love to have this working..

Do you know if this is still valid for the current release?


It is, as pihole-FTL is a fork of dnsmasq and the configuration command is universal/standard.


Thanks everyone for this thread and for the Moderator replies.

New user, just set up 2 Pi-holes on 2 RPi Zeros, primary and secondary, and it works great. I fell over a few times but this post got me working fine on the current versions of everything.

Things I shouldn't have done:

Don't back up your DHCP config file in the same dnsmasq.d dir, you'll get duplication errors!
Don't edit the existing DHCP config file as it'll get overwritten on updates in the GUI.

Tested and works great once clients have picked up the new DHCP lease, I stopped my primary FTL process and the secondary was used by my macOS client with no discernible lag and reverted straight away once FTL was restarted.

Great way to have a more resilient DNS config although I can't guarantee every single client will happily use the secondary DNS but it probably should.

I do think it would be nice to have the option to add a secondary DNS in the pihole DHCP config gui though.

Thanks
