I have an asus router with a pi-hole on the network.

I was doing some work on my server and noticed that when pi-hole was down, I couldn’t access the internet. I was looking for some ideas online how to deal with this, but they said to have a second pihole on the network in case one is offline. Is that the only way to do it? Is there any way to have the network go back to normal if the pihole is offline?

0 points

Add another DNS server (1.1.1.1, for instance) to your DHCP options. Your DHCP clients will use 1.1.1.1 when the pi-hole isn’t responsive.

7 points

Yeah this is the next best option, but a secondary pihole is the best, so you still get the dns blocking while the first one is down.

You listed cloudflare now (1.1.1.1) but I prefer https://www.quad9.net/ for the privacy and security.

2 points

Does it really do that? I thought if pi-hole blocks it, it just says nothing here, normally a pc then looks up your secondary dns and then ads are back at it.

This was my experience when I did that.

3 points

No, that is not how DNS blocking works. It doesn’t just avoid responding, it responds but with a response that says that the domain does not exist or one that points to a different IP address.

8 points

Yes, your experience will be different if your DNS is being provided by another kind of DNS resolver. If you want a consistent pi-hole experience (and you can’t avoid downtime of your current pi-hole), add another pi-hole to your network and let that be your secondary DNS resolver.

9 points

Wait, but then you can’t tell if your device will use pihole even if it’s up. Afaik primary/secondary dns is not used in that order. I think the best way is to set up a 2nd pihole.

27 points

They will also use 1.1.1.1 whenever they want. The order is not guaranteed.

Hosts also tend to use the same one for some time, so if your pihole went down clients may still favor 1.1.1.1 even after it comes back up.

19 points

I don’t think this accomplishes what he wants. The router DHCP will assign the second DNS address as you mention, but the devices will select one at random, not as a backup/failover. So what happens is that devices sometimes go through the Pi-hole and sometimes go through the secondary DNS address and receive ads. The only real way I’m aware of is to have a second pi-hole for redundancy. Personally, I decided to use a cloud-based service (NextDNS) for this exact reason. I didn’t want my family’s internet to rely on devices that I host.

1 point

I think it depends. In my limited experience, because I have not tested this thoroughly, most systems pick the first DNS address and only send requests to the second if the first doesn’t respond.

This has led at least a couple of times to extremely long timeouts making me think the system is unresponsive, especially with things like kerberos ssh login and such.

I personally set up my DHCP to provide pihole as primary, and my off site IPA master as secondary (so I still have internal split brain DNS working in case the entire VM host goes down).

Now I kinda want to test if that offsite DNS gets any requests in normal use. Maybe would explain some ad leaks on twitch.tv (likely twitch just using the same hosts for video and ads, but who knows).

Edit: If that is indeed the case, I’m not looking forward to maintaining another pihole offsite. Ehhh.

1 point

How many queries a month do you have? I’m at 15 days and I’m already at 750K. Do you pay for your service? I can do that, just curious what is common.

2 points

I’m at 30k blocked per day, over 100k queries per day.

This on a small 2 user network, with a handful of machines, but a fucking Samsung TV. That goddamn thing constantly pings all sorts of shit.

If I really restrict it (breaking some stuff on the TV), I can get to 35% of queries blocked per day, mostly from it.

Though nominal blocking kills the ads on the menu system, pretty well, making it much more responsive.

2 points

I’m not exactly sure how many queries, but it’s above the free limit. I purchased the pro plan for $20 a year and it’s been a great service for me. I can send a referral code for 30% off (I think). I think adguard has a similar service.

-4 points

Umm, yea, if your DNS server is offline, how do your machines know how to resolve DNS names to IP addresses?

Which is why IP config has the capability for multiple DNS servers.

If this is surprising, you may wanna read up on your networking.

9 points

I think he realized that, he’s looking for a solution though.

13 points

Why the extra snark? This person is asking a question. Easy to argue that he is trying to learn more about networking, why ostracize?

0 points
Deleted by creator
5 points

Use something like AdGuard or NextDNS as your secondary resolver

Check out the comment by @AtariDump@lemmy.world

10 points
1 point

Damn, fuck Windows. Fortunately I don’t have to use it.

The ONLY DNS server you should have set on your network is a/the PiHole(s).

That’s exactly what I do, since I never had any stability issues with my Pihole.

2 points

It’s not just windows.

9 points

Primary and secondary dns is not a thing. There is no priority for DNS. Depending on the device it will use either address and will only try the other on failure.

2 points

Windows calls them ‘preferred’ and ‘alternate’ DNS servers. That roughly translates to primary/secondary.

1 point

It does not.

4 points

Yeah, that’s how they are named, my experience showed that the devices used whichever of the two they wanted.

5 points

I have my pi-hole set up as the upstream DNS in my router, with cloudflare as a secondary DNS. That way, all my devices always use the router for DNS (since that’s what is advertised in my DHCP) and the router then uses pi-hole if it’s available, or cloudflare if it isn’t. But the individual device doesn’t get to choose between different servers.

8 points

The vast majority of devices that allow setting multiple DNS servers do not strictly prioritise one over the other even if they label it as primary and secondary.

2 points

That’s why I don’t let every device decide individually. I know my router (FritzBox) prioritizes the pi-hole (it’s even called “preferred” and “alternative” DNS-Server in the UI)

1 point

Those labels are quite common too with systems that do not prioritize one over the other.

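Two points raised in the thread, that a blocking resolver still answers (with "domain does not exist" or a substitute address) and that a client may query any resolver it was handed, can be checked per resolver. The sketch below is an added example, not part of any comment above; the function names, the `SINKHOLES` set and the choice of test domain are assumptions.

```python
import socket
import struct

SINKHOLES = {"0.0.0.0", "127.0.0.1"}  # assumption: addresses your blocker answers with

def build_query(name, txid=0x1234):
    """Encode a recursive A/IN question in DNS wire format."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(msg, off):  # offset just past a name, honouring compression pointers
    while msg[off] & 0xC0 != 0xC0:
        if msg[off] == 0:
            return off + 1
        off += 1 + msg[off]
    return off + 2

def parse_response(msg):
    """Return (rcode, [IPv4 answers]) for a DNS response message."""
    flags, qdcount, ancount = struct.unpack("!HHH", msg[2:8])
    off, addrs = 12, []
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rdlen = struct.unpack("!H6xH", msg[off:off + 10])  # 6x = CLASS + TTL
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def classify(msg):
    """'blocked' for NXDOMAIN (rcode 3) or sinkhole-only answers."""
    rcode, addrs = parse_response(msg)
    if rcode == 3 or (addrs and set(addrs) <= SINKHOLES):
        return "blocked"
    return "resolved" if addrs else "no-answer"

def probe(server, name, timeout=2.0):
    """Ask one resolver directly over UDP port 53, bypassing the OS resolver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify(s.recv(512))
        except OSError:  # timed out or unreachable: this resolver is down
            return "no-response"

def audit(resolvers, name, ask=probe):  # every resolver a client may pick -> verdict
    return {r: ask(r, name) for r in resolvers}
```

Call `audit()` with every DNS address your DHCP server hands out and a domain that is on your blocklist; any entry that comes back `resolved` is a path by which clients can get unfiltered answers.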