Setting up Pi-hole

I need to get this working; I've tried a few times but could never get it to work.
There's no DNS option on my router, so I tried the DHCP method and it wouldn't work: no devices would connect to the network.
 
If there's no setting on your router to change DNS servers then I think the only way to do it is to manually configure your devices with a fixed IP & DNS. Or get a decent router.
 
I do have my eye on the Edgerouter 4.
Pi-hole runs on my Asustor NAS which keeps things tidy.
 
I went for the EdgeRouter X because the only real advantage of the EdgeRouter 4 is supporting FTTP speeds with advanced features like QoS, which I probably won't need for years. On the flip side, the X has several advantages over the 4: hardware switching, 1 passive PoE port, lower power consumption and footprint, much cheaper. But yes, the EdgeRouter series as a whole is meant to be solid and will let you control DNS, etc. There is nothing particularly wrong with the feature set of my Archer VR900 but it's unreliable (WAN goes down for no apparent reason sometimes, requiring a hard reset) and a bit clunky (e.g. preventing a connected device from having internet access is a major faff).

The worst thing about my Pi-hole is it runs in a VM on my main server. That means any time the server goes down (e.g. for kernel update reboot), we lose internet access. I might plump for a Raspberry Pi of some description to run as a backup. I wish there was a Zero-like super cheap device but with Ethernet.
 
I have FTTP so the speed of the ER4 would be required maybe not now, (have 150Mb) but maybe in the near future.
Already have a POE switch so not missing anything there either.
Think I'll add it to my list of things I want.
 

You can use a cheap Ethernet module with a Pi Zero; the modules are about £5. But even a full-sized Pi is cheap enough, so I have a virtual instance running on ESXi and a physical instance running on a Pi 3. My DHCP server dishes out the IP addresses of both Pi-Hole instances as the DNS servers, so if one of them goes down my clients still have functioning DNS.
 
I made some changes to my Pihole setup. Rather than have each one give out itself as primary and the other as secondary, they both now give out the same device as primary and secondary.

To explain further (as that may not be clear): Pihole1 gives Pihole1 as primary and Pihole2 as secondary. Pihole2 also gives out Pihole1 as primary and Pihole2 as secondary.

I've seen places that claim that primary and secondary don't actually mean primary and secondary, that clients will use them both equally. That's blatantly incorrect, there's very little 'leakage' from clients actually getting through to the secondary Pihole.

Pihole1: [screenshot of the Pihole1 DHCP DNS settings]

Pihole2: [screenshot of the Pihole2 DHCP DNS settings]

The reason for doing this is that I had a spare Pi4 laying around and thought I'd use it for a primary Pihole with proper gigabit. It doesn't need the processing power of a Pi4 but I just wanted DNS to be as fast as possible and no other model has real gigabit.

I still have full redundancy, if Pihole1 stops working, all the clients use Pihole2 (I've tested this).
 

I've never heard of that.

In theory and as you've demonstrated it should use the primary unless it's unavailable in which case it should failover to the secondary.

In practice this works for most devices, but (historically) some devices will not automatically return to the primary, unless the secondary then fails - which is why it's a bad idea to use e.g. the Router/ISP/Google DNS server directly as a secondary (and better to leave blank if you only have 1 pihole instance), as they then get "stuck" on an unfiltered DNS Server.
 
Different clients use DNS servers in different ways. Windows boxes will generally use the primary exclusively, but a lot of IoT devices don't look at them as primary and secondary DNS servers; they look at them as 2 valid DNS servers, so will use whichever they see fit at a given time.

To illustrate it, prior to me installing a bunch of IoT WiFi LED downlights the split between my 2 Pi-Hole instances was probably 95/5 weighted towards the primary. Now it's about 65/35 weighted towards the primary.

Primary over the last 24 hours: [screenshot of the primary Pi-Hole dashboard]

Secondary over the last 24 hours: [screenshot of the secondary Pi-Hole dashboard]

The difference in the client number roughly equates to the number of iOS, Windows and Android clients in the house.
 
Looking into the Pi-Hole logs, nearly all the queries hitting the secondary Pi-Hole instance are from my IoT VLAN. There are still some queries from VLAN1, but I don't see anything from the Windows, Android or iOS clients; it seems the Sky Q box likes to make use of both servers.
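The two-instance setup above (the DHCP server handing out both Pi-holes, and the question of how much traffic "leaks" to the secondary) is easy to measure from the logs rather than the dashboards. The script below is an added example, not code from the thread or from the Pi-hole project: it parses query lines in the dnsmasq format Pi-hole writes to /var/log/pihole.log, counts per client how many queries each instance saw, aggregates that per VLAN, and lists clients that only ever reached the secondary, which is what you would look for when checking whether a device has latched onto the secondary after a primary outage. The log lines, client addresses and VLAN ranges are constructed sample data, not from anyone's network.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# dnsmasq (and so Pi-hole's /var/log/pihole.log) logs one line per query:
#   <timestamp> dnsmasq[<pid>]: query[<type>] <name> from <client-ip>
# Other line kinds (forwarded, cached, reply) are ignored here.
QUERY_RE = re.compile(r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)")

# Constructed sample excerpts from each instance's pihole.log (not real captures).
PRIMARY_LOG = """\
Jun  3 10:00:01 dnsmasq[412]: query[A] www.example.com from 192.168.1.20
Jun  3 10:00:02 dnsmasq[412]: query[A] time.windows.com from 192.168.1.20
Jun  3 10:00:03 dnsmasq[412]: query[AAAA] www.example.com from 192.168.1.21
Jun  3 10:00:05 dnsmasq[412]: query[A] api.iot.example from 192.168.20.50
Jun  3 10:00:05 dnsmasq[412]: forwarded www.example.com to 1.1.1.1
"""
SECONDARY_LOG = """\
Jun  3 10:00:04 dnsmasq[398]: query[A] api.iot.example from 192.168.20.50
Jun  3 10:00:06 dnsmasq[398]: query[A] api.iot.example from 192.168.20.51
Jun  3 10:00:07 dnsmasq[398]: query[A] epg.sky.example from 192.168.1.30
Jun  3 10:00:08 dnsmasq[398]: query[A] api.iot.example from 192.168.20.50
"""
# Assumed VLAN layout for the sample: label -> CIDR.
VLANS = {"VLAN1": "192.168.1.0/24", "IoT": "192.168.20.0/24"}


def parse_queries(log_text):
    """Return (qtype, name, client) for every query line in a pihole.log excerpt."""
    out = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            out.append((m["qtype"], m["name"], m["client"]))
    return out


def split_by_client(primary_log, secondary_log):
    """Count, per client IP, how many queries each Pi-hole instance saw."""
    split = defaultdict(lambda: {"primary": 0, "secondary": 0})
    for _, _, client in parse_queries(primary_log):
        split[client]["primary"] += 1
    for _, _, client in parse_queries(secondary_log):
        split[client]["secondary"] += 1
    return dict(split)


def summarise_by_vlan(split, vlans):
    """Aggregate the per-client split per VLAN, with the percentage that reached the primary.

    Clients outside every listed network are grouped under 'other'.
    """
    nets = {label: ip_network(cidr) for label, cidr in vlans.items()}
    totals = defaultdict(Counter)
    for client, counts in split.items():
        addr = ip_address(client)
        label = next((lbl for lbl, net in nets.items() if addr in net), "other")
        totals[label].update(counts)
    result = {}
    for label, c in totals.items():
        total = c["primary"] + c["secondary"]
        result[label] = {"primary": c["primary"], "secondary": c["secondary"],
                         "primary_pct": round(100 * c["primary"] / total, 1)}
    return result


def clients_only_on_secondary(split):
    """Clients that never reached the primary in the window.

    With the primary known to be up, these are the devices to check for having
    got 'stuck' on the secondary, as described in the thread.
    """
    return sorted(c for c, n in split.items() if n["primary"] == 0 and n["secondary"] > 0)


if __name__ == "__main__":
    split = split_by_client(PRIMARY_LOG, SECONDARY_LOG)
    for client, n in sorted(split.items()):
        print(f"{client:16} primary={n['primary']} secondary={n['secondary']}")
    for label, s in summarise_by_vlan(split, VLANS).items():
        print(f"{label}: {s['primary_pct']}% of queries hit the primary")
    print("only seen on secondary:", clients_only_on_secondary(split))
```

Run it against real excerpts by reading both instances' pihole.log into PRIMARY_LOG and SECONDARY_LOG over the same time window; a client that appears only on the secondary while the primary was up is the "stuck on the secondary" case, and if that secondary were an unfiltered upstream rather than a second Pi-hole, that client would be bypassing the blocklists entirely.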
 
Re blocking YT, mine's been blocking it for a while now, but my lists are empty since I updated.
Not sure where the blocks are coming from, but for a while now I just get a white window with "skip" rather than any adverts from Google.

also don't forget to update to 5.5 to fix the security issues with dnsmasq
edit
this regex does it i think

Code:
(\.|^)https://yt3\.ggpht\.com/$
 

Are you sure you don't have a local adblocker loaded that's doing that? I don't have anything like the above configured but I know the Pi-Hole doesn't block it at all (even with lots of lists) and thought the general wisdom was it was difficult/impossible and a moving target. I do have ABP loaded on my MacBook and that does exactly the behaviour you describe.
 