Now, my question is: if I wanted to add a backup Pi-hole in case one goes down, would I just need to add another part of dnsmasq options like the first one?
i.e.
server=10.0.0.141
cache-size=2048
log-async=5
#strict-order
dhcp-option = 6,10.0.0.141
and add something like this
server=10.0.0.142
cache-size=2048
log-async=5
#strict-order
dhcp-option = 6,10.0.0.142
in order to have it fail over to the other?
Thanks for the brain power on here!
_________________
Tutorial for flashing WRT series WRT Installation,Upgrade & Basic Setup–Cliff Notes
r52242: WRT3200ACM, WRT1200ACv1 & 1 Velop in bridge mode(IoT subnet), r52242 WRT1900ACv1 AP
Velop:2 WHW0101, RE6500, RE9000(AP)
Spectrum - 1000/50
SysLog Watcher 5, New security Onion box coming soon, Fingboxes, PiHoles, NEMS, Cacti, rpisurv
Joined: 14 Dec 2015 Posts: 774 Location: 127.0.0.1
Posted: Sat Apr 13, 2019 7:53 Post subject:
Thank you egc, I am going to order another one and try it out.
Just one question, when you say the commands start with no-resolv, are you saying that the current settings as the person on my link wasn't right for just one pi-hole?
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sat Apr 13, 2019 10:23 Post subject:
Well, it's interesting why you need Pi-Hole and the
DDWRT DNSmasq at the same time...
I believe it's better to use just one of them, as DDWRT has all the options that Pi-hole may offer, but yep,
if one fails it's an option...
There are reports that on the latest DDWRT builds there is something dodgy with DNSmasq and it fails, but in all my experience and my use of it, it never failed with my setup... (I'm not on the latest build yet)
If you want to use Pi-Hole just because of the beautiful interface, graphics and ad-blocking, I see, but otherwise
on high-end DDWRT routers DNSmasq is capable of all of them.
Here is what I use in DNSmasq (DDWRT):
addn-hosts=/tmp/dlhosts6699 - this is my adblocker location
cache-size=2000 - I believe this only works on Kong builds; on BS it's fixed to 1500; it's lines, not bytes
domain-needed - you know this... GGL it if so
bogus-priv - this has been reported as a bug as it's constantly on (can GGL it to see what it does)
no-resolv - despite having set 3 DNS in basic setup, I'm not using those
strict-order - it polls the 1st, then if no answer it does the 2nd, etc...
server=9.9.9.9 - no comment on this; DNS polls predominantly this address first
server=149.112.112.9 - part of Quad9
server=149.112.112.112 - part of Quad9
no-negcache - I do not want to have neg/bad/not responded links stored
filterwin2k - filters win spam DNS polls - despite the fact I still see some in Wireshark
dhcp-option=43,01:04:00:00:00:02 - this line is supposed to filter NetBIOS
For ad blocking I run a script to download a list of host names to block.
I do also use to DNSmasq options on GUI DDWRT interface regarding DNSSEC
I'm not a DNSmasq expert, I just read, GGL and test, and that's what I use in DDWRT
so far never failed...
I reckon if you use Pi-Hole at least it will offload the router; as well, Pi-Hole seems to have a decent interface and seems fun
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 14 Dec 2015 Posts: 774 Location: 127.0.0.1
Posted: Mon Apr 15, 2019 7:03 Post subject:
Alozaros wrote:
Well, it's interesting why you need Pi-Hole and the
DDWRT DNSmasq at the same time...
I believe it's better to use just one of them, as DDWRT has all the options that Pi-hole may offer, but yep,
if one fails it's an option...
First thank you for your reply, and more things for me to explore.
The reason for all of this is, I am disabled, these kinds of things help me keep my mind sharp, worked in the industry for 25 years, they don't cost much to mess around with, and I'm bored.
My ultimate goal is to have two Pi-holes for DNS (and DNSSEC in the future as I learn more), possibly have DHCP handled by a third Pi (and a secondary/failover if possible). Just have the WRT3200ACM doing the firewall. I know it may be a long way off for me to get around to trying all of it, or maybe not possible at all.
As for the question of DNSmasq and pi-Hole, if you are talking about the settings, I don't know, but I just copied what was in the link in my first post to get it working, I tried a few other ways before finally trying to GGL it.
Alozaros wrote:
There are reports that on the latest DDWRT builds there is something dodgy with DNSmasq and it fails, but in all my experience and my use of it, it never failed with my setup... (I'm not on the latest build yet)
If you want to use Pi-Hole just because of the beautiful interface, graphics and ad-blocking, I see, but otherwise
on high-end DDWRT routers DNSmasq is capable of all of them.
I've never had a problem with DNSmasq either (albeit it is running on the WRT3200 only for over a year, and no problems with newer firmwares).
And yes, I like beautiful interfaces (or command lines if that doesn't exist), the ad-blocking, and it has actually sped up our ISP speed (even using the same DNS as was on DD-WRT; not earth-shattering speed, but an extra 20 mb/s is nice). Thinking of adding one of the touch screens to the first Pi-Hole, to see what it is doing in real time.
All I can say about the setup now is, it is blocking about 25 percent of the DNS queries, I have a total of 67 devices, 63 are on all the time.
I will give anything a try, thanks again for some of your settings. The other Pi should be here today or tomorrow, but then I am off to lovely Pennsylvania, so I may not get to try anything for a bit.
Joined: 14 Dec 2015 Posts: 774 Location: 127.0.0.1
Posted: Tue Apr 16, 2019 10:39 Post subject:
egc wrote:
@ATHF have a nice trip
I'll try, my friend's son is picking me up after he goes on leave, now the kid who used to cling to my leg could beat the crap out of me. Now where did I leave my time machine...
After unplugging a few Google/Alexa devices and computers, and renewing IPs, they got both DNS servers active.
So to test, I turned off the first Pi-Hole, and the devices that had their IPs renewed had no problem resolving queries.
*Interesting note about my Velops though, if one DNS goes down, their LEDs turn red, but they are still fully functional LOL.
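Added example, not part of any post in this thread: a small Python probe that repeats the failover test described above by querying each Pi-hole directly instead of going through the router. The two addresses are the ones from the first post; the function names, the lookup name example.com and the transaction ID are assumptions made for the example.

```python
import socket
import struct

def build_query(name, txid):
    """Encode a minimal DNS query: one question, type A, class IN, RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_reply(data, txid):
    """Map a raw reply to 'ok', 'rcode N' or 'down' (not an answer to us)."""
    if len(data) < 12:
        return "down"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & 0x8000:   # wrong ID or QR bit clear
        return "down"
    rcode = flags & 0x000F
    return "ok" if rcode == 0 else f"rcode {rcode}"

def probe(server, name="example.com", port=53, timeout=2.0, txid=0x5A5A):
    """Ask one resolver directly, bypassing the router's dnsmasq."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))       # only accept replies from server
            s.send(build_query(name, txid))
            return classify_reply(s.recv(512), txid)
        except OSError:                     # timeout, port unreachable, no route
            return "down"

def summarize(results):
    """True only if every resolver answered, i.e. failover has a live target."""
    return all(state == "ok" for state in results.values())

if __name__ == "__main__":
    # Addresses taken from the first post; adjust to your own Pi-holes.
    results = {ip: probe(ip) for ip in ("10.0.0.141", "10.0.0.142")}
    for ip, state in results.items():
        print(f"{ip}: {state}")
    print("redundant" if summarize(results) else "NOT redundant")
```

Run it once with both Pi-holes up and once with one powered off: the surviving address should still report ok, which is the condition the renewed clients relied on in the test above.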