Using a 2nd RPi Pi-hole for Redundancy - Setup Question

Please follow the below template, it will help us to help you!

Expected Behaviour:

With a 2nd RPi-3B+ Pi-hole for redundancy, network clients will use the secondary Pi-hole should the primary fail. Neither Pi-hole will be running DHCP as that will be provided by a UniFi USG. Each Pi-hole will be assigned a different static IP address. The USG will also be configured to only have both Pi-holes listed as DNS servers.

Actual Behaviour:

I’ve gone through the community posts, but couldn’t find a post that didn’t exactly match what I’m trying to do as most have their Pi-holes also running DHCP.

My question is: Are there any other settings, other than having unique IP addresses and both Pi-holes listed as DNS servers on my USG, required to make this work?

Debug Token:

N/A

This is actually not the expected behavior. With multiple DNS servers available, clients are free to use any of them at any time, and DNS traffic can go to both Pi-Holes. There is no reliable concept of “primary” and “secondary” in most setups.

No. The setup you describe will work fine. I run pairs of Pi-Holes this way. Each is set up similarly, but with a different LAN IP. The router lists them both and clients are free to use both. If either Pi-Hole fails or goes offline, the other half of the pair picks up the DNS traffic seamlessly.

@jfb
Excellent! Thanks for both clearing up how clients will use DNS and for confirming I was on the “right track” with the setup of the redundant pair.

I run two Pi-Hole machines in the same manner. My ‘Primary’ one seems to log 4x the amount of ‘Total Queries’ and ‘Queries Blocked’, which appears to contradict the theory that each Pi-Hole DNS server can be chosen at random by interfaces on the network.

I’m pretty sure it just depends on the OS implementation. They can use any algorithm they want to choose the DNS server to use. Some of them will go first to last, some will round-robin the requests. I think there are some that will even submit requests to everyone in their list and just use the first response. There are probably implementations out there that are smarter and use response times to sort servers in order according to speed, sending requests in that order. I haven’t cared enough to study to determine which OSes work which way, but I do remember that the DNS forwarder in Windows Server 2008 let you specify a timeout for each forwarded DNS request before it’d try the next server in your list.
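To make the "first to last, with a timeout before trying the next server" behaviour concrete, here is an added example (not code from any poster or from Pi-hole) that sends a raw DNS query to each listed resolver in order and falls over to the next one only on timeout or error; it is also a quick way to confirm that each Pi-hole of a redundant pair answers on its own. The two resolver addresses are placeholders for your Pi-holes' static IPs.

```python
import random
import socket
import struct
import time

# Constructed placeholders for the two Pi-hole static IPs; substitute your own.
PIHOLES = ["192.0.2.10", "192.0.2.11"]


def build_query(name, qid):
    """Build a minimal DNS A query (RD bit set) for `name` with transaction id `qid`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(data, expected_id):
    """Return rcode and answer count from a DNS response; reject replies not matching our id."""
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if qid != expected_id or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return {"rcode": flags & 0x000F, "answers": ancount}


def resolve_with_failover(name, servers=PIHOLES, timeout=1.0):
    """Query servers in listed order, moving to the next only after a timeout or error.

    A result tagged with the second server means the first Pi-hole did not answer
    within `timeout`; None means neither did, i.e. no redundancy was left.
    """
    for server in servers:
        qid = random.randrange(0x10000)
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.settimeout(timeout)
        try:
            start = time.monotonic()
            sock.sendto(build_query(name, qid), (server, 53))
            data, _ = sock.recvfrom(512)
            result = parse_response(data, qid)
            result.update(server=server, rtt_ms=round((time.monotonic() - start) * 1000, 1))
            return result
        except (OSError, ValueError):
            continue  # socket.timeout is an OSError: unreachable or bogus reply, try next
        finally:
            sock.close()
    return None


if __name__ == "__main__":
    print(resolve_with_failover("pi.hole"))
```

Running it with the first address pointed at a powered-off Pi-hole shows the answer arriving from the second one after the timeout, which is the failover the poster describes.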

I’ve been watching the behavior on my home network a bit and I’m seeing duplicate requests sent to the other DNS servers that come to the pi-hole. On some annoying consumer electronics the requests for domains that are in blocklists are re-requested from the second DNS server too (so I’ll see 3 clients on the pi-hole requesting the same domain when this happens). Since all the external requests from that DNS server are forwarded to the pi-hole, it’s just slowing down response times, so I’m going to remove the local DNS server from DHCP and add a second pi-hole to try to minimize the hops between devices. Hope this helps.

As a single data point, with Apple routers and MacOS clients, about 99% of the DNS traffic goes to the first DNS server listed. But, even with that, they will occasionally jump to the other DNS server and stay there for a while, but they eventually find their way back.