Redundant PiHole settings

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Author Message
ATHF
DD-WRT Guru


Joined: 14 Dec 2015
Posts: 725
Location: 127.0.0.1

PostPosted: Fri Apr 12, 2019 7:21    Post subject: Redundant PiHole settings Reply with quote
I just added a Pihole to my network, after trying and failing 4 times Laughing .

I found this to get it to work, I am not sure if this is the correct way or not, but it was the only settings that got mine to work. https://discourse.pi-hole.net/t/pi-hole-and-routers-with-third-party-firmware-dd-wrt-tomato-openwrt/18416

Now, my question is, if I wanted to add a backup Pihole in case one goes down, would I just need to add another part of dnsmasq options like the first one..

I.E.
server=10.0.0.141
cache-size=2048
log-async=5
#strict-order
dhcp-option = 6,10.0.0.141

and add something like this
server=10.0.0.142
cache-size=2048
log-async=5
#strict-order
dhcp-option = 6,10.0.0.142

In order to have it to failover to the other.

Thanks for the brain power on here!

_________________
Tutorial for flashing WRT series
WRT Installation,Upgrade & Basic Setup–Cliff Notes
DD-WRT Firmware: r42054: WRT3200ACM, WRT1200ACv1 (Smart crap subnet), WRT1900ACv1
Velop:3 WHW0101, RE6500, RE9000(AP)
TWC/Spectrum - 300/25
SysLog Watcher 5, Security Onion on Virtual Box, Fingboxes, PiHoles
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6160
Location: Netherlands

PostPosted: Fri Apr 12, 2019 7:47    Post subject: Reply with quote
When your router is on automatic DHCP the ISP DNS server is automatically added.

So in the Additional DNSMasq options start with:
Code:
no-resolv

This will tell DNSMasq not to use the resolv.dnsmasq file

The next step is to tell DNSMasq which servers to use:
Code:
server=10.0.0.141
server=10.0.0.142


Be sure to disable "No DNS rebind" on services tab

Basically, I think, that should be all, other things like cache-size and log-async are optional

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
ATHF
DD-WRT Guru


Joined: 14 Dec 2015
Posts: 725
Location: 127.0.0.1

PostPosted: Sat Apr 13, 2019 7:53    Post subject: Reply with quote
Thank you egc, I am going to order another one and try it out.
Just one question, when you say the commands start with no-resolv, are you saying that the current settings as the person on my link wasn't right for just one pi-hole?

_________________
Tutorial for flashing WRT series
WRT Installation,Upgrade & Basic Setup–Cliff Notes
DD-WRT Firmware: r42054: WRT3200ACM, WRT1200ACv1 (Smart crap subnet), WRT1900ACv1
Velop:3 WHW0101, RE6500, RE9000(AP)
TWC/Spectrum - 300/25
SysLog Watcher 5, Security Onion on Virtual Box, Fingboxes, PiHoles
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6160
Location: Netherlands

PostPosted: Sat Apr 13, 2019 9:03    Post subject: Reply with quote
I think the following is all you need
Code:
no-resolv
server=10.0.0.141
server=10.0.0.142
cache-size=2048
log-async=5


Be sure to disable "No DNS rebind" on services tab.

You can consider enabling "Forced DNS redirection" on Service page, this will stop users using their own DNS servers.

But do not take my word for granted, I am not *the* DNSMasq expert Smile

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3782
Location: UK, London, just across the river..

PostPosted: Sat Apr 13, 2019 10:23    Post subject: Reply with quote
well, It's interesting why do you need Pi-Hole and the
DDWRT DNSmasq at the same time...
i believe its better to use just one of them as DDWRT has all the options that pihole may offer, but yep
if one fails is an option...

There are reports on the last DDWRT builds there is something dodge with DNSmasq and it fails, but in my all experience and my use of it, never failed with my set up...(im not on the last build yet)
if you want to use PiHole just couse the beautiful interface, graphics and ad-blocking i see, but otherwise
on high end DDWRT routers DNSmasq is capable to all of them

here is what i use in DNSmasq (DDWRT)

addn-hosts=/tmp/dlhosts6699 - this is my adblocker location
cache-size=2000 - i believe only on Kong builds this is working on BS its fixed to 1500 it lines not a bytes
domain-needed - you know this...GGL it if so
bogus-priv - this has been reported as a bug as its constantly on (can ggl it to see wt it does)
no-resolv - despite i have set 3 DNS in basic set up im not using those
strict-order - it polls 1st than if no answer it does the 2d and ect...
server=9.9.9.9 - no comment on this DNS polls predominantly this address first
server=149.112.112.9 - part of a Quard9
server=149.112.112.112 - part of a Quard9
no-negcache - i do not want to have neg/bad/not responded links stored
filterwin2k -filters win spam DNS polls - despite the fact i still see some in wireshark
dhcp-option=43,01:04:00:00:00:02 - this line suppose to filter netBIOS

for ad blocking i run a script to dl a list of host names to block
i do also use to DNSmasq options on GUI DDWRT interface regarding DNSSEC
im not an DNSmasq expert i just read GGL and test and that's what i use in DDWRT
so far never failed...

I reccon if you use Pi-Hole at least it will off load the router as well Pi-Hole seems to have a decent Interface and seems fun Smile

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 44251 BS AP,NAT
TP-Link WR740Nv4 ------DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ----DD-WRT 444406 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN
TP-Link WR1043NDv2 ----DD-WRT 44340 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN
TP-Link WR1043NDv2 ----Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -------DD-WRT 44340 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -------DD-WRT 44340 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
ATHF
DD-WRT Guru


Joined: 14 Dec 2015
Posts: 725
Location: 127.0.0.1

PostPosted: Mon Apr 15, 2019 7:03    Post subject: Reply with quote
Alozaros wrote:
well, It's interesting why do you need Pi-Hole and the
DDWRT DNSmasq at the same time...
i believe its better to use just one of them as DDWRT has all the options that pihole may offer, but yep
if one fails is an option...


First thank you for your reply, and more things for me to explore.
The reason for all of this is, I am disabled, these kind of things help me keep my mind sharp, worked in the industry for 25 years, they don't cost much to mess around with, and I'm bored Laughing
My ultimate goal is to have two pieholes for dns (And DNSSEC in the future as I learn more), possibly have DHCP handled by a third pi (And a secondary/failover if possible). Just have the WRT3200ACM doing the firewall, I know it may be a long way off for me to get around to trying all of it or maybe not possible at all.

As for the question of DNSmasq and pi-Hole, if you are talking about the settings, I don't know, but I just copied what was in the link in my first post to get it working, I tried a few other ways before finally trying to GGL it.

Alozaros wrote:

There are reports on the last DDWRT builds there is something dodge with DNSmasq and it fails, but in my all experience and my use of it, never failed with my set up...(im not on the last build yet)
if you want to use PiHole just couse the beautiful interface, graphics and ad-blocking i see, but otherwise
on high end DDWRT routers DNSmasq is capable to all of them


I've never had a problem with DNSmasq either (albeit it is running on the WRT3200 only for over a year, and no problems with newer firmwares).
And yes, I like beautiful interfaces (or command lines if that doesn't exist), the ad-blocking, and it has actually sped up our ISP speed (Even using the same DNS as was on DD-WRT, not earth shattering speed, but an extra 20 mb/s is nice) thinking of adding one of the touch screens to the first Pi-Hole, to see what it is doing in real time.
All I can say about the setup now is, it is blocking about 25 percent of the DNS queries, I have a total of 67 devices, 63 are on all the time.

I will give anything a try, thanks again for some of your settings, the other pi should be here today or tomorrow, but then I am off to lovely Pennsylvanina, so I may not get to try anything for a bit.

_________________
Tutorial for flashing WRT series
WRT Installation,Upgrade & Basic Setup–Cliff Notes
DD-WRT Firmware: r42054: WRT3200ACM, WRT1200ACv1 (Smart crap subnet), WRT1900ACv1
Velop:3 WHW0101, RE6500, RE9000(AP)
TWC/Spectrum - 300/25
SysLog Watcher 5, Security Onion on Virtual Box, Fingboxes, PiHoles
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6160
Location: Netherlands

PostPosted: Mon Apr 15, 2019 8:45    Post subject: Reply with quote
@ATHF have a nice trip Very Happy
_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
ATHF
DD-WRT Guru


Joined: 14 Dec 2015
Posts: 725
Location: 127.0.0.1

PostPosted: Tue Apr 16, 2019 10:39    Post subject: Reply with quote
egc wrote:
@ATHF have a nice trip Very Happy


I'll try, my friends son is picking me up after he goes on leave, now the kid who used to cling to my leg could beat the crap out of me. Now where did I leave my time machine...

_________________
Tutorial for flashing WRT series
WRT Installation,Upgrade & Basic Setup–Cliff Notes
DD-WRT Firmware: r42054: WRT3200ACM, WRT1200ACv1 (Smart crap subnet), WRT1900ACv1
Velop:3 WHW0101, RE6500, RE9000(AP)
TWC/Spectrum - 300/25
SysLog Watcher 5, Security Onion on Virtual Box, Fingboxes, PiHoles
ATHF
DD-WRT Guru


Joined: 14 Dec 2015
Posts: 725
Location: 127.0.0.1

PostPosted: Thu Apr 18, 2019 6:20    Post subject: Reply with quote
Well, it turns out his son is an ass LOL.. So I'll be here til Saturday... So, I decided to try it out.

After a few failures, I took two different answers, here, and here.

I put in:
Code:
server=192.168.1.71
cache-size=2048
log-async=5
#strict-order
dhcp-option=6,192.168.1.71,192.168.1.34


After unplugging a few Google/Alexa devices, and computers, renewing IP's they got both DNS servers active.

So to test, I turned off the first Pi-Hole, and the devices that had their IPs renewed had no problem resolving queries.

*Interesting note about my Velops though, if one DNS goes down, their LED's turn red, but are still fully functional LOL.

_________________
Tutorial for flashing WRT series
WRT Installation,Upgrade & Basic Setup–Cliff Notes
DD-WRT Firmware: r42054: WRT3200ACM, WRT1200ACv1 (Smart crap subnet), WRT1900ACv1
Velop:3 WHW0101, RE6500, RE9000(AP)
TWC/Spectrum - 300/25
SysLog Watcher 5, Security Onion on Virtual Box, Fingboxes, PiHoles
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum