Kitz Forum
Computers & Hardware => Networking => Topic started by: Intoxicating on April 29, 2020, 11:44:05 AM
-
Hey,
I’ve been using a Pi-hole for years without any issues with my old Unifi USG router. Two weeks ago I got a Firebrick 2900 and I’m now stuck on the correct config to get the brick to use the Pi-hole and not cause issues.
The Pi-hole works without issue if I just change the clients manually to the relevant addresses, but whenever I make the brick give those addresses out via DHCP the DNS stops.
-
Any reason you are not making pi-hole give out dhcp?
-
I have a Firebrick 2900, what is the config you are using for DNS right now? The XML, that is.
-
Any reason you are not making pi-hole give out dhcp?
usually the better option to leave DHCP on the router, and set the router to give up the IP of the pi-hole for DNS via DHCP (with an external DNS set as secondary).
that means if the pi-hole fails you don't lose DHCP or DNS.
-
usually the better option to leave DHCP on the router, and set the router to give up the IP of the pi-hole for DNS via DHCP (with an external DNS set as secondary).
that means if the pi-hole fails you don't lose DHCP or DNS.
What do you mean secondary dns?
DNS is a race condition, a dns request is sent to all dns servers simultaneously, and the one that replies first wins.
There is no such thing as secondary dns.
-
secondary as in "alternate DNS server"
if you have your pi-hole set as your only DNS and it goes down then you lose all DNS resolution.
if you add a second/alternate DNS server then you won't lose it should the pi-hole go down.
-
As pointed out, if you have a secondary DNS then half of your DNS lookups may be from normal DNS with half from the PiHole, not at all what you want.
I'd be more curious if the Firebrick can't do everything the PiHole is in the first place?
-
As pointed out, if you have a secondary DNS then half of your DNS lookups may be from normal DNS with half from the PiHole, not at all what you want.
better than having no DNS though should the pi-hole fail.
-
better than having no DNS though should the pi-hole fail.
It's not though, as at best it completely breaks the point of having the PiHole, at worst it will utterly break things due to randomly resolving domains normally and other times the PiHole override (as I presume PiHole is being used for AdBlocks, etc).
It's not advised to even use two different DNS providers if their results might differ.
-
then you need to run two separate pi-hole servers then to allow for failure.
running just 1 DNS server is foolhardy.
it's why third party DNS providers provide 2 IP addresses to use.
-
then you need to run two separate pi-hole servers then to allow for failure.
running just 1 DNS server is foolhardy.
it's why third party DNS providers provide 2 IP addresses to use.
If you only have one router then that's your biggest point of failure anyway and usually where most people resolve their DNS, their SINGLE DNS cache server.
It doesn't hurt to have a backup DNS server that duplicates the primary, but it's certainly overkill for most home users.
-
but if the router fails then DNS resolution is the least of your worries.
and one might say setting up a pi-hole dns server is also overkill for most home users.
-
Finally put my pihole in the cloud, £19 a year for no adverts on dedicated hardware.
-
Swapped from pihole to adguard home on a virmach VPS.
£18 a year for a DNS in the cloud.
Reasons to switch: Kitz adverts are displayed, and I can clearly see malware requests etc.
Have to have a static IP at home, though AdGuard also supports DNS over HTTPS certificate authentication and DNS over TLS and DNS over QUIC.
This means I can create DNS over HTTPS certificates for my iOS and Android devices, only open port 443 to the internet and have ad blocking while out.
https://labzilla.io/blog/adguard-dns-over-https
Compare this to how many unprotected piholes are out there in the wild doing open recursion: https://www.shodan.io/search?query=%22dnsmasq-pi-hole%22+%22Recursion%3A+enabled%22 and it just makes sense.
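-
Added example, not part of the thread: a small Python check for auditing a cloud-hosted resolver you operate, showing how a DNS response header distinguishes an open recursive resolver (the "Recursion: enabled" state in the search above) from one that refuses outside clients. The function names and the sample response bytes are constructed for illustration.

```python
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000  # DNS header flag bits (RFC 1035)

def build_query(name, qid=0x1234):
    """Build an A query with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, qid=0x1234):
    """Classify a raw DNS response by its header only."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & QR:
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"            # what an ACL-protected resolver should say
    if flags & RA and rcode == 0 and ancount > 0:
        return "open-recursion"     # resolved a third-party name for the client
    return "recursion-offered" if flags & RA else "no-recursion"

def probe(server_ip, name="example.com", timeout=3.0):
    """Send one query to a resolver you operate; run from an outside network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "no-response"    # dropped by a firewall: also acceptable
    return classify(data)

# Constructed sample responses (not captured traffic); 192.0.2.1 is a documentation address.
QUESTION = build_query("example.com")[12:]
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0) + QUESTION + ANSWER
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, QR | RD | 5, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    for label, raw in (("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED)):
        print(label, "->", classify(raw))
```

Calling `probe()` against your own resolver from a network outside the allowed static IP should return "refused" or "no-response"; "open-recursion" means port 53 is answering arbitrary clients.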