Secondary DNS Server for DHCP

Hi all,

is it possible to add a secondary DNS Server to the DHCP configuration of PiHole as fallback?

Scenario: If Pi-Hole is not reachable, the clients in the network should fallback to the router's DNS server.

1 Like

We have had a discussion about "secondary" DHCP servers. You may want to look it up.

In short: Most operating systems implement them as alternatives, not as fallbacks, i.e. they will query any of both servers from time to time, so it is quite likely that you will lose your Pi-hole filtering capabilities (at least partially). That is why we have never implemented this.

3 Likes

What do you recommend at the moment?

I have my Pi set up in a shared network and am about to leave for a few weeks. I am afraid the other people on the network don't know what to do when the Pi-hole fails and will try to reach me on my holiday (which should be as offline as possible :) )

Ideally, they would just lose the filtering of the Pi-hole, but not internet when something happens to the Pi.

1 Like

I have it running in different environments (two of them at an enterprise level, one with more than 100 clients). They all run on Raspberry Pi hardware in various revisions. They never failed so far, so I wouldn't bother too much.

A clever idea might be to set up two independent Pi-holes (two distinct devices in the same network) and set up those two IPs as "primary" and "secondary" servers. All devices should be able to resolve domains, even if one of them fails for some reason. The cost of an extra device (with the excellent NanoPi NEO it is only $8) should perfectly balance with the extra reassurance you have for your holidays.

P.S.: This is the post I referred to, just in case you haven't found it already

3 Likes

Here's an answer (if you're still looking):

sudo nano /etc/dnsmasq.d/02-pihole-dhcp.conf

dhcp-option=6,Pi-holeIP,SecondaryDNSIP

sudo service pihole-FTL restart

You would have to renew release on each host after that to pull the new settings.

Consider running tests with namebench with various combinations of DNS servers. Set the fastest one in Pi-hole and a slightly slower one in your secondary DNS resolver (I'm assuming it's your router). I am only talking milliseconds here based on the namebench results.

9 Likes

I like the idea of using two piholes for redundancy.
Are there any plans to have the two Pi-holes sync config data automatically? E.g. DHCP, custom black & whitelists... ?

This topic may have been discussed before and I'm not sure how much effort it would take to implement such functionality.
Pi-hole HA would definitely be very cool.

We try to implement the most popular feature requests, so you may want to vote for this one:

Most operating systems implement them as alternatives, not as fallbacks, i.e. they will query any of both servers from time to time, so it is quite likely that you will lose your Pi-hole filtering capabilities (at least partially). That is why we have never implemented this.

This is a problem because my router requires a secondary DNS server; it's not "optional", and it cannot be the same IP as the primary DNS server.

2 Likes

Can you explain what this is doing? Thanks

Sure.

So the

dhcp-option=6,Pi-holeIP,SecondaryDNSIP

Would look like this:
dhcp-option=6,192.168.1.2,8.8.8.8

Assuming the Pi has the IP 192.168.1.2. Replace with what you have.

8.8.8.8 is the Google DNS.

So if you use your Pi as DHCP server, it will push those IPs as primary and secondary DNS servers.

1 Like

Will this work?
Creating file /etc/dnsmasq.d/05-custom.conf

# DNS (server addresses must be comma-separated; dnsmasq rejects a space-separated list)
dhcp-option=6,10.0.0.1,10.0.0.2
# NTP Server
dhcp-option=42,10.0.0.1

I have two Pi-holes running here, setup was no problem and putting both in the router's DHCP was simple.

Clients seem to pick one or the other and change from time to time with no issues, they seem to be roughly split between Pis. If I power one down all clients migrate to the one still up. Plug the other back in and after a couple days the clients are once again roughly split between them.

I'm sorry but that is one of the most short-sighted things I've seen in the last ... 20 years! So according to what you say it is better to paralyze DNS resolving in the whole network rather than, in case of a "server down" situation, just let ads through for the time needed for a fix. And I'm not even talking about a second Pi-hole for redundancy (which is naturally the first thought - or at least should be), like someone said there are situations where you are forced to give a second DNS which makes Pi-hole useless because like you said yourself there are no fallbacks but alternatives! A second DNS should not be just a feature for voting - it just MUST be there!!!

It's not a Pi-hole issue. Operating systems do not use primary and secondary DNS, there is no such thing as fallback. All DNS servers configured in a client will be used.

2 Likes

In the situation of the router requiring a second DNS entry, there are several potential solutions. Enter the same DNS twice, enter an inactive IP from your LAN range as the second DNS, enter 0.0.0.0 as a DNS. In cases where users have not been able to make any of those options work, using Pi-Hole as DHCP can be a solution. If all of that fails and the router is not configurable (as is sometimes the case with an ISP-supplied router) users have added their own router and put the ISP router in bridge mode or on a different SSID.

Adding to the point mentioned above: If all of the mentioned methods fail (for whatever reason) and you don't have a second Pi-hole for redundancy, you can also simply assign an additional IP address to the same physical network adapter. Creating a virtual network interface in Linux is quite a simple matter and can even be done in a one-liner, e.g.,

sudo ifconfig eth0:0 192.168.0.11

You can make the change permanent by adding something like this to your /etc/network/interfaces:

iface eth0:0 inet static
address 192.168.0.11
netmask 255.255.255.0
broadcast 192.168.0.255
3 Likes

You clearly didn't read my post with understanding - I know it's NOT fallback! The issue is that almost all DHCP servers give you the option for an alternative DNS, or more, which is absolutely useful in case one is down! But for some reason yours doesn't have such a basic option in a simple way to be set.
@jfb "enter an inactive IP" buahahahaha now that's useful advice. It will do the same, DNS resolving will be dead if the server is down!
I'm in charge of a network which for technical reasons often must be separated into two different ones. My plan is to make one Pi-hole in each of them, on both will run DHCP with exactly the same static leases which makes them redundant; to be perfect the DHCPs should give clients a lease with both DNS.

There are more useless options included in Pi-hole... it's just so stupid to argue about something which is everywhere and is so obvious.

1 Like

I wish you the best of luck then.

The reason is that many users don't have a second Pi-hole. If we'd show them a box to enter another DNS server, most wouldn't know how to handle it. It is likely that such a feature would cause more harm than anything else. I'm not talking about you, however, the typical user might be touching networking for the first time at all when they install Pi-hole, so this is a valid issue.

This is very possible with Pi-hole, however, for the reasons I mentioned above, is not directly available on the web interface.

Create a file /etc/dnsmasq.d/99-second-DNS.conf and enter

dhcp-option=option:dns-server,192.168.0.2,192.168.0.3

(replace the IPs by the local Pi-hole's and the alternative one's). Restart pihole-FTL with sudo pihole restartdns to have it re-read the config files.

Devices that offer this are typically not DNS servers themselves. Routers, for instance, either allow you to set two DNS servers they distribute (the clients will use those DNS servers directly, not ask the router) or use these addresses as their own upstream configuration (in this case clients will only receive the router's IP address as a single DNS server address).
Our DHCP server has never been meant to be a solution that can support more than very basic network topologies. It is meant to be useful for those who cannot change the DNS servers on their ISP-provided routers to have an easy alternative. We still offer a lot of functionality and power, however, most of it is not exposed to keep the interface simple.
We are still here to assist anyone to get the configuration they'd like to set up. And -- often enough -- it turns out that users can achieve what they want with something much simpler than they initially envisaged (This is not the case for you, however, it is still what we see most of the time).

7 Likes
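Added example, not code from this thread or from the Pi-hole project: a small audit of the `dhcp-option=6,...` / `dhcp-option=option:dns-server,...` lines discussed above. It parses the lines as dnsmasq would, flags the space-separated mistake that dnsmasq rejects, and reports any advertised server that is not one of your Pi-holes, since clients treat every listed server as an alternative and will send some queries past the filter. The sample config and the set of "filtering" IPs are constructed for the example.

```python
import ipaddress
import re

# Constructed sample in the style of the /etc/dnsmasq.d snippets in this thread.
# The space-separated line is the mistake dnsmasq itself rejects as a bad dhcp-option.
SAMPLE_CONF = """\
# DNS
dhcp-option=6,192.168.1.2,8.8.8.8
dhcp-option=option:dns-server,192.168.0.2,192.168.0.3
dhcp-option=6,10.0.0.1 10.0.0.2
# NTP Server
dhcp-option=42,10.0.0.1
"""

# Option 6 written numerically or by name; an optional leading tag: selector is allowed.
DNS_OPT = re.compile(r"^dhcp-option=(?:tag:[^,]+,)?(?:6|option:dns-server),(?P<servers>.*)$")

def parse_dns_options(conf_text):
    """Return [(line_no, [IPv4Address...], error_or_None)] for every advertised-DNS line."""
    results = []
    for no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DNS_OPT.match(line)
        if not m:
            continue  # some other option (e.g. 42 = NTP), not our concern here
        field = m.group("servers")
        try:
            servers = [ipaddress.IPv4Address(s.strip()) for s in field.split(",")]
            results.append((no, servers, None))
        except ValueError:
            # e.g. "10.0.0.1 10.0.0.2": the space leaves one token that is not an address
            results.append((no, [], f"malformed server list {field!r} (separate with commas)"))
    return results

def audit(conf_text, filtering):
    """Report lines that are malformed or advertise a server outside the filtering set."""
    allowed = {ipaddress.IPv4Address(ip) for ip in filtering}
    findings = []
    for no, servers, err in parse_dns_options(conf_text):
        if err:
            findings.append((no, err))
            continue
        leaks = [str(s) for s in servers if s not in allowed]
        if leaks:
            findings.append((no, "unfiltered alternative(s): " + ", ".join(leaks)))
    return findings
```

Call `audit(open("/etc/dnsmasq.d/02-pihole-dhcp.conf").read(), {"<your Pi-hole IPs>"})` to check a real file; an empty result means every advertised resolver is a Pi-hole and the list parses.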

Would it be so painful to put that in, not as just another DNS box but as an "expert" option with some simple description and HUGE RED WARNING?!?! Why do I have to take such a stupid detour to utilize an option which is so basic, to get all the juice out of this really great piece of code? Anyway thx for being patient, I know I may be annoying.