So, check this little idea that I have - I want to browse the internet without all sorts of unscrupulous actors collecting every little bit of metadata on me and my family they can possibly get their hands on.
Huh? Typically you have a secondary DNS entry on your router
Secondary DNS is not for redundancy!
The way secondary DNS works is that a client distributes DNS requests across the primary and secondary DNS servers. So if you have Pi-hole as your primary DNS and, say, 8.8.8.8 as your secondary DNS, you’re sending half of your DNS requests to Google unfiltered. And if your Pi-hole DNS goes down, half of your DNS queries time out.
The way to have redundancy with DNS is with a standby server that takes over the IP of the primary server if it goes down. You can do this with keepalived.
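A sketch of the keepalived setup the comment above describes, added here as an example and not taken from the thread. The interface name, addresses, router id, password and the path to `dig` are assumptions; the standby Pi-hole would use the same file with a lower `priority`.

```conf
# Constructed example: /etc/keepalived/keepalived.conf on the primary Pi-hole.
# Clients are handed only the virtual IP (192.168.1.53 here) as their DNS server.

global_defs {
    enable_script_security      # refuse to run health checks from unsafe paths
    script_user nobody          # run the health check unprivileged
}

# Health check: query the local resolver. dig exits non-zero when it gets
# no reply, which marks the check as failed.
vrrp_script chk_dns {
    script "/usr/bin/dig +time=1 +tries=1 @127.0.0.1 pi.hole"
    interval 5                  # seconds between checks
    fall 2                      # two failures in a row -> FAULT, VIP released
    rise 2                      # two successes in a row -> healthy again
}

vrrp_instance PIHOLE_DNS {
    state BACKUP                # both nodes start as BACKUP; priority elects the master
    nopreempt                   # a recovered node does not grab the VIP back at once
    interface eth0              # assumption: LAN interface name
    virtual_router_id 53        # must match on both nodes
    priority 150                # assumption: standby uses a lower value, e.g. 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass changeme      # placeholder; identical on both nodes
    }
    virtual_ipaddress {
        192.168.1.53/24         # assumption: unused address on the LAN
    }
    track_script {
        chk_dns
    }
}
```

Because clients only ever see the one virtual address, no query is sent to an unfiltered upstream while either node is healthy.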
And what do you set that secondary DNS entry to? Operating systems may use both, so you need the secondary to point to a Pi-hole or else you’re letting ads through randomly.
Randomly? No, only when your Pi goes down. Or whenever you’re looking at something that gets around the simple DNS-based ad filtering Pi-hole does. It’s foolish to spend twice as much money for this level of failover protection to prevent ads. It’s not like if you see an ad you’re going to die lol. If you’re that opposed to them, sure, go for it, but you’re better off spending your time doing other things to stop ads than maintaining two Pi-holes because one might fail.
And like the other person said, just use AdGuard’s public DNS. I use it on my router and on my phone.
Not how secondary DNS works. It round robins the requests across primary and secondary DNS servers.
dns.adguard.com
Sure, if your router supports DoH or DoT. Most consumer routers don’t. I know that Mikrotik supports it out of the box, and OpenWRT has a package for that.
They have IPs too: https://adguard-dns.io/en/public-dns.html
94.140.14.14
94.140.14.15
I have two Pi-holes - they serve different DHCP ranges (e.g. 1-100 and 101-250), and option 6 references each other.