So, an Android phone was still getting IP addresses for blacklisted domains after using pi-hole for DNS, even though my other devices weren't.
Looked at the network connection status and sneaky old Google had added 8.8.8.8 to the DNS servers list, so the DNS servers looked like [192.168.8.4, 8.8.8.8].
I added a second IP address to my DNS server's interface, then changed my dhcp server to push out both those IP addresses. (note that I have samba running an AD server which uses my pihole as the upstream, so I have more control over the dns and the dhcp than pihole gives you normally)
The DNS servers then looked like [192.168.8.4, 192.168.8.5] without google's DNS appended.
I'm guessing that Google currently only add a second DNS when 'redundancy' isn't already provided in your network.
I'd like to see pihole come with an option to enable a second IP address. I use it to block inappropriate content that isn't family friendly so that my family can browse safely, so I'm not happy with device vendors actively working around parental controls.
There is an open PR, but it is currently on hold (@deHakkelaar).
pi-hole:development
← deHakkelaar:patch-6
opened 01:44PM - 16 Nov 20 UTC
Push three IPv4 DNS servers via DHCP instead of a single one which is currently … implemented.
This is because some devices automatically populate a secondary or tertiary DNS if not supplied via DHCP.
The example below auto-configures 8.8.8.8 for the secondary DNS on a OnePlus device:
https://discourse.pi-hole.net/t/removing-google-dns-after-using-pi-hole-dhcp/40435
Nmap output after the change:
```
$ sudo nmap -sU -p67 --script dhcp-discover 10.0.0.4
Starting Nmap 7.70 ( https://nmap.org ) at 2020-11-16 14:25 CET
Nmap scan report for ph5.dehakkelaar.nl (10.0.0.4)
Host is up (0.0012s latency).
PORT STATE SERVICE
67/udp open dhcps
| dhcp-discover:
| DHCP Message Type: DHCPACK
| Server Identifier: 10.0.0.4
| Subnet Mask: 255.255.255.0
| Broadcast Address: 10.0.0.255
| Domain Name: dehakkelaar.nl
| Router: 10.0.0.1
|_ Domain Name Server: 10.0.0.4, 10.0.0.4, 10.0.0.4
MAC Address: B8:27:EB:xx:xx:xx (Raspberry Pi Foundation)
Nmap done: 1 IP address (1 host up) scanned in 0.96 seconds
```
**By submitting this pull request, I confirm the following:**
*please fill any appropriate checkboxes, e.g: [X]*
- [ X] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md), as well as this entire template.
- [ X] I have made only one major change in my proposed changes.
- [ ] I have commented my proposed changes within the code.
- [X ] I have tested my proposed changes, and have included unit tests where possible.
- [X ] I am willing to help maintain this change if there are issues with it later.
- [X ] I give this submission freely and claim no ownership.
- [X ] It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1)
- [X ] I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html))
Please make sure you [Sign Off](https://github.com/pi-hole/pi-hole/wiki/How-to-signoff-your-commits.) all commits. Pi-hole enforces the [DCO](https://github.com/pi-hole/pi-hole/wiki/Contributing-to-the-project).
2 Likes
jfb
November 17, 2021, 3:33pm
3
Pi-hole would only be able to do this if it is the DHCP server.
The workaround for now if you are using Pi-hole as DHCP server is to add a second DNS server assignment in a new dnsmasq configuration file.
I have it running in different environments (two of them at an enterprise level, one with more than 100 clients). They all run on Raspberry Pi hardware in various revisions. They never failed so far, so I wouldn't bother too much.
A clever idea might be to set up two independent Pi-holes (two distinct devices in the same network) and set up those two IPs as "primary" and "secondary" servers. All devices should be able to resolve domains, even if one of them fails for some reason. The cost…
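A way to check what a DHCP lease actually hands out for DNS, as an added example that is not part of the thread or of Pi-hole's code: it walks the raw DHCP options field, reads option 6 (Domain Name Server) and flags leases that offer an unapproved resolver or fewer than two entries. The two-entry threshold follows the behaviour observed in this thread and is an assumption, as are the function names and the constructed sample leases.

```python
import ipaddress

OPT_PAD, OPT_DNS, OPT_END = 0, 6, 255  # RFC 2132 option codes

def dns_servers_from_options(options: bytes) -> list[str]:
    """Walk the DHCP options field (code, length, value) and return option 6."""
    servers, i = [], 0
    while i < len(options):
        code = options[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:  # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the buffer")
        if code == OPT_DNS:
            if length == 0 or length % 4:
                raise ValueError("option 6 length must be a non-zero multiple of 4")
            servers += [str(ipaddress.IPv4Address(value[j : j + 4]))
                        for j in range(0, length, 4)]
        i += 2 + length
    return servers

def audit_lease(options: bytes, allowed: set[str], min_entries: int = 2) -> list[str]:
    """Return findings; an empty list means the lease matches the policy."""
    servers = dns_servers_from_options(options)
    findings = [f"resolver {s} is not an approved filtering resolver"
                for s in servers if s not in allowed]
    # Entries are counted, not unique addresses: the PR above repeats one IP.
    if len(servers) < min_entries:
        findings.append(f"only {len(servers)} DNS server(s) offered; "
                        "a client may append its own fallback")
    return findings

def sample_options(dns: list[str]) -> bytes:
    """Constructed lease options: subnet mask, router (made up), option 6, end."""
    packed = b"".join(ipaddress.IPv4Address(a).packed for a in dns)
    return (bytes([1, 4, 255, 255, 255, 0, 3, 4, 192, 168, 8, 1, 6, len(packed)])
            + packed + bytes([OPT_END]))

ALLOWED = {"192.168.8.4", "192.168.8.5"}  # addresses taken from the first post
for lease in (["192.168.8.4"], ["192.168.8.4", "192.168.8.5"]):
    print(lease, "->", audit_lease(sample_options(lease), ALLOWED) or "ok")
```

This only checks what the DHCP server offers; the resolvers a device ends up using still have to be read from the device's own network status, as in the first post.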
Work around Android's inability to allow you to change DNS while on cellular: go to F-Droid and download RethinkDNS.
No root required.
Go look at the network log and scroll to the top; the list continues to grow, so keep scrolling back upward to see all the constant entries.
Click on one and block the app and also the IP of that exact connection.