Hello everyone,
first time ever posting on lemmy, feels good 😉
I have a question regarding DHCP in my local network.
My current setup is as follows:
- DHCP provided by router (Fritz!Box 7490)
- DNS provided by pi-hole hosted on a raspberry pi
- DHCP pushes the IP of the raspberry via DHCP to all clients
My problem is: When the raspberry pi (running pi hole) is down for any reason, none of my devices has internet access anymore. This is due to the fact that the Fritz!Box router (aka DHCP server) has no option to push a secondary DNS as a fallback to its clients.
One option would be to buy another router which has the option to push a secondary DNS, which I would prefer to avoid, since otherwise I am happy with the Fritz!Box.
So I am looking for alternative configurations with my existing hardware. I could for example use pi hole's DHCP. Or I could use the DHCP server package of a synology NAS which is also part of my local network. Or is there another option, maybe using some DHCP service on the raspberry pi or in a docker container or something like that? Does anyone have experience with one of these setups and can tell me if it is possible to provide the clients with two (prioritized) DNS options? What would you recommend? Thanks!
OP already said that their current DHCP solution (the router) can’t push multiple DNS servers. Having a good secondary can be really helpful for things like power blips, maintenance windows, and cats pulling power cables. There are a few solutions that also do ad blocking that can make good secondaries
I don’t think anyone is arguing against dual DNS servers. The distinction being made is that a second DNS server is not a fallback. Most newbies think “secondary” means it will only be used when the primary is unavailable. That’s not true. A client is just as likely to use a secondary DNS as a primary. If only one DNS uses pihole, then the secondary will serve ads because it’s just calling the upstream DNS resolver.
Personally, I accomplished what OP is talking about with two rPis. First serves DHCP from 192.168.1.10 to .100, second serves .101 to .250. I send the two piholes as primary and secondary DNS. I also use Unbound as the upstream, but that is just personal preference.
Depending on the client, it can be. The Microsoft page pretty cleanly defines expected dns client behavior [Microsoft learn](https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-client-resolution-timeouts#what-is-the-default-behavior-of-a-windows-7-or-windows-8-dns-client-when-two-dns-servers-are-configured-on-the-nic). There haven’t been any published changes to this that I’ve seen, and it more or less matches my experience. Linux is a lawless land in this respect, but it really boils down to “it might”, so caveat emptor there. That’s also why I suggested a public ad blocking dns server as a secondary, in case multicast dns does its multicast dns thing
I was just saying that there can be a lot of good reasons for downtime. Heck, I use a secondary in my network because sometimes my unraid host starts dnsmasq and it clobbers my adguard container
If you set a secondary DNS server, your clients will just use it to get ads, negating the effect of your pihole.
Unless, of course, the second DNS server is a second pi-hole ;p
Thanks. Usually, it does not go down. It is running for years without any problems, just minor downtimes due to update related reboots. But today the pi just wasn’t reachable anymore. No connection to the router, so not reachable via ssh or anything, had to be rebooted. So I started wondering about a fallback plan.
You’d only get ads while the secondary server is active plus the expiry. Not a problem while the pihole is online.
DNS clients only try the secondary resolver if the primary one times out or returns SERVFAIL. If it returns NXDOMAIN or incorrect records there’s no communication with the second DNS server.
To me it sounds like you don’t have a DHCP problem at all, the issue is no website can be resolved when your DNS is down (PiHole).
You really have two options:
- Make sure the PiHole stays up 24/7, with minor downtime for maybe a reboot or an update.
or
- Set up an additional raspberrypi with PiHole and use gravity-sync to keep them synced. Then, I would run ISC-DHCP server on both of the raspberrypis, one as the primary and the other as the secondary. That way you can specify both of your DNS servers. Make them authoritative and disable your router’s DHCP. You can take a look at this guide:
https://stevendiver.com/2020/02/21/isc-dhcp-failover-configuration/
Personally, I like to keep the wife happy so I have option 2 at home, that way the internet never goes down when I tinker.
Edit: Didn’t notice you said your router can’t issue out two DNS servers. I’ve never heard of that.
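As an added example (not taken from the linked guide or from anyone in this thread), here is what the primary Pi-hole’s ISC dhcpd.conf for that setup could look like; the addresses 192.168.1.10 and 192.168.1.11 for the two Pi-holes and the /24 subnet are constructed placeholders:

```conf
# dhcpd.conf on the PRIMARY Pi-hole (192.168.1.10, constructed address).
# Pi-hole's own built-in DHCP must stay disabled on both Pis so dnsmasq
# does not compete with dhcpd for UDP port 67. The router's DHCP is off.

failover peer "pihole-dhcp" {
  primary;                        # the other Pi says "secondary;" here
  address 192.168.1.10;           # this server's address
  port 647;
  peer address 192.168.1.11;      # the secondary Pi-hole
  peer port 647;
  max-response-delay 60;          # seconds before the peer is assumed dead
  max-unacked-updates 10;
  mclt 3600;                      # primary only: max client lead time
  split 128;                      # primary only: share the pool 50/50
  load balance max seconds 3;
}

authoritative;                    # answer (NAK) stale leases from the old router

subnet 192.168.1.0 netmask 255.255.255.0 {
  option routers 192.168.1.1;     # the Fritz!Box stays the default gateway
  # Both Pi-holes are handed out every time, so a client that picks the
  # "secondary" still gets ad blocking and a dead Pi does not take DNS down.
  option domain-name-servers 192.168.1.10, 192.168.1.11;
  option domain-name "lan";
  default-lease-time 86400;
  max-lease-time 172800;

  pool {
    failover peer "pihole-dhcp";  # leases in this pool are synced to the peer
    range 192.168.1.100 192.168.1.250;
  }
}
```

The secondary Pi-hole’s file is the same with `secondary;` instead of `primary;`, the `address`/`peer address` values swapped, and the `mclt` and `split` lines removed. Check both peers with `dhcpd -t -cf /etc/dhcp/dhcpd.conf` before restarting the service.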
Keepalived (or similar CARP or VRRP virtual IP system) would allow you to run 2 piholes that share the same virtual IP.
If the main goes down, the backup will take over the virtual IP
Lol, this is peak selfhosted. The obvious solution is to get a router/DHCP server that is normal enough to push out two DNS servers.
The selfhosted way is to set up keepalived or a load balancer, because why the fuck not.
Nice, but you don’t need this per se. If you have two Piholes doing DNS, one of them can do DHCP and push the two pihole DNS server addresses. If the one with DHCP goes down temporarily you will not get new addresses, but DNS resolution continues on the one running.
This would be great except OP said that their router can’t push 2 DNS addresses. Otherwise, ya, redundant services is always best
Thanks, didn’t notice that. I edited my comment to reflect.
No worries, I had the same thought at first and was very confused for a minute
Even if your router can issue two DNS servers you shouldn’t add a second that’s not a pihole.
Otherwise a client will just fail over any blocked lookups to the secondary, negating the purpose of a pihole.
Ugh. When I moved into my new place I bought a NetGear Orbi system to hold me over until I got my Ubiquiti gear put in place. Never again.
Just install 2nd pihole on your synology? You can split DHCP across piholes and a router. Like one can handle IPs from 0 to 100 etc. I have 1 pihole on raspberry, another one on server and DHCP is done on the router.
Usually you can just send a second DNS server by separating the IPs with a comma.
That said, I’m running two PiHoles for the exact reason OP noted. These two PiHoles settings are synced with GravitySync.
If I update one PiHole or it goes down for any reason, the second one is there to pickup the slack.
Regarding DHCP: I’d probably turn off the stupid FritzBox DHCP because you really can’t set 2 DNS servers (WTF!) and instead use the PiHole(s) for DHCP.
Thanks.
I think I might try the “pi hole as DHCP” option.
I’d use AdGuard Home for everything.
Second this. I moved from PiHole to AdGH and it’s rock solid stable.
If you already have pihole in your environment, I would just use that. DHCP is pretty light weight, so the pi should be more than capable, and you don’t want to complicate your core services more than you need to
> When the raspberry pi (running pi hole) is down for any reason
You can have 2 DNS servers provided over DHCP assignment, if this is really an issue for you (ideally it shouldn’t) you should be running 2x PiHoles for failover protection, that way you can take 1 offline and all devices will auto swap to the second one for DNS.
This will also horizontally scale your DNS querying, as devices will just 50/50 flip flop between the two while both are online and it will sort of auto-load balance.
Largely speaking that’s your best bet though, just 2x PiHoles for failover protection.
For DHCP just use one of the pi-holes’ DHCP, or your router’s, or whatever, they all largely perform the same but I personally find the pi-hole’s DHCP settings to be easiest to work with (you can even super fast modify them by SSHing in and using nano/vim to text edit the config file, so instead of using a UI you can just copy-paste all the entries in quickly)
If you need to take the DHCP pi-hole offline, you can just flip DHCP on for the second one, however as long as new devices aren’t connecting you don’t actually need the DHCP server online once everyone has an IP assigned until their registration time is up (24 hours by default) so as long as you get the pi-hole back online quickly, your network typically won’t even have a problem.
The ISP router for DHCP (so when DHCP is down, the entire Internet is down and you have a much bigger problem to solve), with the DNS being your Pi-hole server
Get a better router.