• DefederateLemmyMl@feddit.nl
      5 hours ago

      Secondary DNS is not for redundancy!

      The way secondary DNS works is that a client distributes DNS requests across the primary and secondary DNS servers. So if you have pihole as your primary DNS and, say, 8.8.8.8 as your secondary DNS, you’re sending half of your DNS requests to Google unfiltered. And if your pihole DNS goes down, half of your DNS queries time out.

      The way to have redundancy with DNS is with a standby server that takes over the IP of the primary server if it goes down. You can do this with keepalived.
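
The keepalived failover mentioned in the comment above, sketched as an added example that is not part of the original thread. The interface name, all addresses, the router ID and the `dig` health check are assumptions to adapt to your own network.

```conf
# /etc/keepalived/keepalived.conf on the first Pi-hole host (constructed example).
# Assumed addresses: this host 192.168.1.2, standby 192.168.1.3,
# floating DNS address handed to clients 192.168.1.53.

global_defs {
    enable_script_security      # refuse check scripts that non-root users could modify
    script_user nobody          # the health check does not need root
}

# Health check: ask the local resolver a question it answers itself.
# dig exits non-zero when no reply arrives, which marks the check as failed.
vrrp_script chk_dns {
    script "/usr/bin/dig +time=1 +tries=1 @127.0.0.1 pi.hole"
    interval 5                  # run every 5 seconds
    fall 2                      # two failures in a row -> FAULT, release the address
    rise 2                      # two successes in a row -> eligible again
}

vrrp_instance PIHOLE_VIP {
    state BACKUP                # both hosts start as BACKUP; priority decides the owner
    interface eth0              # assumed interface name
    virtual_router_id 53        # must match on both hosts
    priority 150                # use a lower value (e.g. 100) on the standby host
    advert_int 1

    # Unicast adverts between the two hosts instead of LAN-wide multicast.
    unicast_src_ip 192.168.1.2  # swap these two addresses on the standby host
    unicast_peer {
        192.168.1.3
    }

    virtual_ipaddress {
        192.168.1.53/24         # the only DNS server address given to clients
    }

    track_script {
        chk_dns
    }
}
```

With this layout, DHCP hands out only the floating address as the DNS server, so clients have no second resolver to spread queries across.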

    • chaospatterns@lemmy.world
      10 hours ago

      And what do you set that secondary DNS entry to? Operating systems may use both, so you need the secondary to point to a pi hole or else you’re letting ads through randomly.

      • JackbyDev@programming.dev
        6 hours ago

        Randomly? No, only when your pi goes down. Or whenever you’re looking at something that gets around the simple DNS-based ad filtering pihole does. It’s foolish to spend twice as much money for this level of failover protection to prevent ads. It’s not like if you see an ad you’re going to die lol. If you’re that opposed to them, sure, go for it, but you’re better off spending your time doing other things to stop ads than maintaining two pi holes because one might fail.

        And like the other person said, just use AdGuard’s public DNS. I use it on my router and on my phone.

        • DefederateLemmyMl@feddit.nl
          5 hours ago

          > Randomly? No, only when your pi goes down

          Not how secondary DNS works. It round robins the requests across primary and secondary DNS servers.

          • JackbyDev@programming.dev
            1 hour ago

            Why call it secondary then, that’s so counterintuitive lol 😭 I guess “the second hardest problem in computer science” applies because I can’t think of a better name either.

            • DefederateLemmyMl@feddit.nl
              47 minutes ago

              > Why call it secondary then, that’s so counterintuitive lol

              I don’t think that’s even the official naming. It probably comes from what Windows 95 called it back in the day:

              On Linux, it’s just an additional “nameserver x.x.x.x” line in /etc/resolv.conf, with no indication of which is the “primary” or “secondary”.

            • chaospatterns@lemmy.world
              1 hour ago

              Different operating systems call it different things. Windows calls it Alternate. Even if it was only used when the primary was down, DNS doesn’t provide any sort of guidance or standard on when to switch between primary and secondary. Is one query timeout enough to switch? How often do you reattempt to the first DNS server? When do you switch back? With individual queries, you can time out and hit another NS server, but that’s a lot easier at an individual level than to infer a global system state from one query timing out.

    • Not a replicant@lemmy.world
      10 hours ago

      I have two piholes - they serve different DHCP ranges (e.g. 1-100 and 101-250), and option 6 references each other.