Kitz Forum

Computers & Hardware => Networking => Topic started by: Intoxicating on April 29, 2020, 11:44:05 AM

Title: Pi-hole
Post by: Intoxicating on April 29, 2020, 11:44:05 AM
Hey,

I’ve been using a Pi-hole for years without any issues with my old Unifi USG Router. Two weeks ago I got a Firebrick 2900 and am now stuck on the correct config to get the brick to use the Pi-hole and not cause issues.

The Pi-Hole works without issue if I just change the clients manually to relevant addresses but whenever I make the brick give those addresses out via dhcp the dns stops.
Title: Re: Pi-hole
Post by: meritez on April 29, 2020, 09:30:47 PM
Any reason you are not making pi-hole give out dhcp?
Title: Re: Pi-hole
Post by: Weaver on April 30, 2020, 12:33:24 AM
I have a Firebrick 2900, what is the config you are using for DNS right now? The XML, that is.
Title: Re: Pi-hole
Post by: chenks on April 30, 2020, 08:06:55 AM
Any reason you are not making pi-hole give out dhcp?

usually the better option to leave DHCP on the router, and set the router to give up the IP of the pi-hole for DNS via DHCP (with an external DNS set as secondary).
that means if the pi-hole fails you don't lose DHCP or DNS.
Title: Re: Pi-hole
Post by: meritez on April 30, 2020, 10:10:49 AM
usually the better option to leave DHCP on the router, and set the router to give up the IP of the pi-hole for DNS via DHCP (with an external DNS set as secondary).
that means if the pi-hole fails you don't lose DHCP or DNS.

What do you mean secondary dns?

DNS is a race condition, a dns request is sent to all dns servers simultaneously, and the one that replies first wins.

There is no such thing as secondary dns.
Title: Re: Pi-hole
Post by: chenks on April 30, 2020, 10:19:09 AM
secondary as in "alternate DNS server"

if you have your pi-hole set as your only DNS and it goes down then you lose all DNS resolution.
if you add a second/alternate DNS server then you won't lose it should the pi-hole go down.
Title: Re: Pi-hole
Post by: Alex Atkin UK on April 30, 2020, 07:55:45 PM
As pointed out, if you have a secondary DNS then half of your DNS lookups may be from normal DNS with half from the PiHole, not at all what you want.

I'd be more curious if the Firebrick can't do everything the PiHole is in the first place?
Title: Re: Pi-hole
Post by: chenks on May 01, 2020, 07:39:45 AM
As pointed out, if you have a secondary DNS then half of your DNS lookups may be from normal DNS with half from the PiHole, not at all what you want.

better than having no DNS though should the pi-hole fail.
Title: Re: Pi-hole
Post by: Alex Atkin UK on May 02, 2020, 05:28:38 AM
better than having no DNS though should the pi-hole fail.

It's not though, as at best it completely breaks the point of having the PiHole, at worst it will utterly break things due to randomly resolving domains normally and other times the PiHole override (as I presume PiHole is being used for AdBlocks, etc).

It's not advised to even use two different DNS providers if their results might differ.
Title: Re: Pi-hole
Post by: chenks on May 02, 2020, 08:27:12 AM
then you need to run two separate pi-hole servers then to allow for failure.
running just 1 DNS server is fool-hardy.
it's why third party DNS providers provide 2 IP addresses to use.
Title: Re: Pi-hole
Post by: Alex Atkin UK on May 02, 2020, 11:34:01 PM
then you need to run two separate pi-hole servers then to allow for failure.
running just 1 DNS server is fool-hardy.
it's why third party DNS providers provide 2 IP addresses to use.

If you only have one router then that's your biggest point of failure anyway and usually where most people resolve their DNS, their SINGLE DNS cache server.

It doesn't hurt to have a backup DNS server that duplicates the primary, but it's certainly overkill for most home users.
Title: Re: Pi-hole
Post by: chenks on May 03, 2020, 01:19:24 PM
but if the router fails then DNS resolution is the least of your worries.
and one might say setting up a pi-hole dns server is also overkill for most home users.
Title: Re: Pi-hole
Post by: meritez on April 22, 2021, 04:10:01 PM
Finally put my pihole in the cloud, £19 a year for no adverts on dedicated hardware.
Title: Re: Pi-hole
Post by: meritez on May 08, 2021, 01:37:40 PM
Swapped from pihole to adguard home on a virmach VPS.
£18 a year for a DNS in the cloud.

Reasons to switch, Kitz adverts are displayed, and I can clearly see malware requests etc.

Have to have a static IP at home, though adguard also supports DNS over HTTPS certificate authentication and DNS over TLS and DNS over QUIC.

This means I can create DNS over HTTPS certificates for my iOS and Android devices, only open port 443 to the internet and have ad blocking while out.
https://labzilla.io/blog/adguard-dns-over-https

Compare this to how many unprotected pihole are out there in the wild doing open recursion https://www.shodan.io/search?query=%22dnsmasq-pi-hole%22+%22Recursion%3A+enabled%22 and it just makes sense.