Secondary DNS Server for DHCP

The solution you provided is simple enough and has enabled me to have a secondary DNS server assigned via DHCP. Your description of why this is not a UI-driven option is perfectly in line with the idea of Pi-hole.

Pi-hole is primarily a DNS server that has some DHCP services attached; it is not a DHCP/DNS solution.

Thank you. I was a bit confused, as my modem asked for a secondary DNS. I didn't put it in (after reading this) and it filled it in for me (assuming it is a blank fill-in). Everything works very well, thanks again; so far it's blocking all ads :smiley: Update: found an ad, so I put the same DNS in for the primary and the secondary. Seems to work so far (and it let me do it)... fingers crossed.


As it's quite crucial: you mean "secondary" DNS servers, right?

I think this thread got confused; the accepted solution answers the question I was looking to solve, and the one the OP was actually asking, I think. I followed the accepted solution with a minor tweak: dnsmasq will interpret 0.0.0.0 to mean "the address that dnsmasq is running on" (i.e. the address of the Pi-hole). So I have the following:

pi@pi-hole:~ $ cat /etc/dnsmasq.d/10-custom-dns-override-dhcp.conf 
dhcp-option=6,0.0.0.0,208.67.220.220

with the second address being one of the OpenDNS servers. This works for me, and now DHCP clients are configured with the Pi-hole's IP address and the OpenDNS server as their two resolvers, where before they were receiving 8.8.8.8 as the second resolver IP, which I guess is hard-coded.

My question for the developers, then, is: why is this not the default? I have already selected OpenDNS as my upstream servers in the Pi-hole web config, but I have had to make this modification to get all DHCP clients to use OpenDNS if Pi-hole is temporarily unavailable. I do not want machines on my network to use the Google DNS resolver, ever.

It feels like it should be simple enough to change the default behaviour to take account of the configured upstream DNS preference in the DHCP client resolver option.

By distributing a secondary DNS server (that is not also running Pi-hole) to your client via DHCP, the choice of a DNS server happens at your client's discretion.

It is perfectly valid and to be expected that clients will bypass Pi-hole in such a scenario.

See also Why should Pi-hole be my only DNS server?

Understood, and thanks for the link too. I'd thought originally that Pi-hole was sending 8.8.8.8 as a second resolver address in the DHCP response, but after testing further, it isn't; the client was setting it itself because only one was received from the Pi-hole. This makes more sense now.

This is a great discussion!

I have a two-Pi-hole setup, each Pi-hole configured with reserved/static addresses for my known devices, each serving DHCP (on non-overlapping ranges), and each serving 8.8.8.8/8.8.4.4 as the upstream DNS.

The router has DHCP disabled.

If one Pi-hole goes down, I believe that each device will get its next IP lease from the "still up" Pi-hole, as there are two DHCP servers on the network. However, until the new IP lease, I'm guessing there'll be no DNS resolution? (Lease renewal is 1 hr.)

I believe I should edit 02-pihole-dhcp.conf, as at the top of this thread, so that if one Pi-hole goes down, devices can receive DNS from the second Pi-hole BEFORE they receive their new IP lease from the second Pi-hole. Is this correct?

And lastly, my 02-pihole-dhcp.conf states "ANY CHANGES MADE TO THIS FILE WILL BE LOST IN CHANGE"...

Don't do this. Make a new file in /etc/dnsmasq.d with the configuration lines.

Thanks for the quick reply.

So, something like 06-pihole-custom.conf; and this new file will override any settings in 01-, 02-, 04-pihole...conf?


Yes

No. If you have conflicting settings this will cause errors.
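The two pieces of advice in this thread (put the resolver list in a file of your own under /etc/dnsmasq.d, and never let two files set the same option) are easy to get wrong by hand. The following is an added example, not code from the thread or from the Pi-hole project: it builds the dnsmasq `dhcp-option=6` line (the 0.0.0.0 placeholder plus the OpenDNS address used earlier in the thread, assumed here as sample values), writes it into its own drop-in file, and refuses to write when another file in the directory already sets DHCP option 6, so the conflict is caught before the resolver is restarted. The file name 99-custom-dhcp-dns.conf and the directory argument are assumptions; the directory is a parameter so it can be exercised against a scratch directory.

```sh
#!/bin/sh
# Added example (not from the thread or the Pi-hole project): generate the
# dnsmasq "dhcp-option=6" line that hands DHCP clients their resolver list,
# write it into its own drop-in file, and flag any second file that also
# sets option 6 so the conflict can be resolved before restarting dnsmasq.
# dnsmasq replaces 0.0.0.0 with the address it answers on; the second
# address is whatever non-Pi-hole resolver the operator chose.

# Join resolver addresses into one dhcp-option=6 line.
# usage: dhcp_dns_option_line ADDR [ADDR...]
dhcp_dns_option_line() {
    [ "$#" -ge 1 ] || { echo "need at least one resolver address" >&2; return 1; }
    # "$*" joins the arguments with the first character of IFS (a comma here).
    printf 'dhcp-option=6,%s\n' "$(IFS=,; printf '%s' "$*")"
}

# List drop-in files in a dnsmasq.d directory that set DHCP option 6,
# whether written as the number or as its name (option:dns-server).
# usage: option6_files DIR   (prints nothing when none match)
option6_files() {
    grep -lE '^dhcp-option=(6|option:dns-server),' "$1"/*.conf 2>/dev/null
}

# Count those files. usage: count_option6_files DIR   (prints 0 when none)
count_option6_files() {
    option6_files "$1" | wc -l | tr -d ' '
}

# Write the resolver list into its own file (never into a generated
# 0?-pihole*.conf file, which the web UI rewrites). Refuses if a different
# file already sets option 6: two sources for one option is exactly the
# "conflicting settings" case the moderators warn about.
# usage: write_dhcp_dns_dropin DIR FILENAME ADDR [ADDR...]
write_dhcp_dns_dropin() {
    wd_dir=$1; wd_name=$2; shift 2
    [ "$#" -ge 1 ] || { echo "need at least one resolver address" >&2; return 1; }
    wd_target="$wd_dir/$wd_name"
    # Files other than our own target that already carry option 6.
    wd_other=$(option6_files "$wd_dir" | grep -vxF "$wd_target" | wc -l | tr -d ' ')
    if [ "$wd_other" -gt 0 ]; then
        echo "another file in $wd_dir already sets dhcp-option 6; reconcile first" >&2
        return 2
    fi
    dhcp_dns_option_line "$@" > "$wd_target" || return 1
    echo "$wd_target"
}

# Typical use on the Pi-hole host (assumed paths and addresses), followed by
# a resolver reload so the new option is handed out on the next lease:
#   write_dhcp_dns_dropin /etc/dnsmasq.d 99-custom-dhcp-dns.conf 0.0.0.0 208.67.220.220 \
#       && pihole restartdns
```

Clients only pick up the new resolver list when they renew or re-request their lease, which matches what later posts in the thread observe. If the write is refused, open the file it names and decide which copy of option 6 should survive rather than adding a third one; a backup of a config file left inside /etc/dnsmasq.d counts as a second copy.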

This is exactly what I was looking for.
I don't think this should require SSHing into the server just to configure a second DNS server. Maybe when people start they don't see having a secondary DNS as appealing, but the first time they get no internet because their Raspberry Pi froze, or because the NAS where they are running Pi-hole is doing RAID scrubbing, they will start to think about having a secondary DNS server. This should be part of some kind of advanced section or something like that.


This looks really good, as I have 2 Pi-holes on my network and would love to have this working.

Do you know if this is still valid for the current release?


It is, as pihole-FTL is a fork of dnsmasq and the configuration directive is universal/standard.


Thanks everyone for this thread and for the Moderator replies.

New user; I just set up 2 Pi-holes on 2 RPi Zeros, primary and secondary, and it works great. I fell over a few times, but this post got me working fine on the current versions of everything.

Things I shouldn't have done:

Don't back up your DHCP config file in the same dnsmasq.d directory; you'll get duplication errors!
Don't edit the existing DHCP config file, as it'll get overwritten on updates from the GUI.

Tested and works great once clients have picked up the new DHCP lease. I stopped my primary FTL process and the secondary was used by my macOS client with no discernible lag, and it reverted straight away once FTL was restarted.

Great way to have a more resilient DNS config, although I can't guarantee every single client will happily use the secondary DNS, but it probably should.

I do think it would be nice to have the option to add a secondary DNS in the Pi-hole DHCP config GUI, though.

Thanks


confuserated,
Actually, regarding "Don't edit the existing DHCP config file, as it'll get overwritten on updates from the GUI": I frequently edit my DHCP config file; I merely use the simplest of scripts:

#!/bin/bash
# Open the static-lease file in the editor, then reload the resolver so the
# edited leases take effect without a full restart of the Pi-hole host.
vi /etc/dnsmasq.d/04-pihole-static-dhcp.conf
pihole restartdns

That way, if I edit the file, I then restart Pi-hole.
