I currently have a nice long docker compose file that hosts my PiHole V6 container (along with a bunch of other containers); however, the reason I ask this question is because whenever I go to pull an updated image and recreate the container I experience about 20 minutes of no DNS resolution, which to my knowledge is due to the NTP clock being out of sync.

What’s the best way to host a DNS sinkhole/resolver that can mitigate this issue?

Was thinking of utilizing Proxmox & LXC but I suspect I’ll get the same experience.

  • pezhore@infosec.pub · 1 up · 1 hour ago

    This is overkill.

    I have a dedicated raspberry pi for pihole, then two VMs running PowerDNS in Master/Slave mode. The PDNS servers use the Pihole as their primary recursive lookup, followed by some other Internet privacy DNS server that I can’t recall right now.

    If I need to do maintenance on the pihole, power DNS can fall back to the internet DNS server. If I need to do updates on the PowerDNS cluster, I can do it one at a time to reduce the outage window.

  • Hexarei@programming.dev · 3 up · 3 hours ago

    I run my pi-hole on a dedicated Pi, and I pull the updated image first without any trouble. Then after the updated image is pulled, recreating the container only takes a few seconds.

    Dunno what’s broken about your setup, but it definitely sounds like something unusual to me.

  • johntash@eviltoast.org · 3 up · 4 hours ago

    I think something else may be wrong if it breaks for 20 minutes. How long does it take for compose to bring the stack up?

    Also assuming you run ntpd or chrony, it should always keep your clock in sync.

    • ohshit604@sh.itjust.works (OP) · 1 up · edited · 1 hour ago

      > I think something else may be wrong if it breaks for 20 minutes.

      When I originally set up my PiHole many, many, many months ago, when I was still learning the Docker engine, I had little to no issue.

      I don’t know what caused it either being a power-outage or network loss but ever since I’ve been experiencing DNS related issues (I suspect it’s NTP not syncing), some days I’ll wake up before work realizing “oh shit I have no internet access” frantically trying to fix the issue.

      I think I might take the advice of other commenters here and host two PiHole servers on separate devices/stacks; just got to hope my router supports it.

  • dmtalon@infosec.pub · 3 up · 5 hours ago

    Spin up a second pihole docker and upgrade them separately so they can failover to the other one while upgrading. I do not have an issue with 20 min loss of DNS after updating my pi.hole docker, but I did spin up a second one when I wanted to try unbound+pi.hole and just kept them both up/running.

    • ohshit604@sh.itjust.works (OP) · 2 up · edited · 1 hour ago

      > spin up a second pihole docker and upgrade them separately so they can failover to the other one while upgrading.

      Think I’m going to take this advice and put it in action! Thank you!

  • Matt The Horwood@lemmy.horwood.cloud · 9 up · 1 down · 7 hours ago

    If you run a single DNS server, you will always have downtime when it’s restarted.

    The only way to mitigate that, is to run 2 DNS servers.

    I set up my network to use pihole as the first DNS and the router as the second; most of the time pihole is used, unless it’s down.

    • natch@lemmy.today · 7 up · 6 hours ago

      Just be sure that the second server in the list is also a black hole. If you don’t, all black holed requests will fall back to the second DNS… which, if it doesn’t also black hole them, will wind up serving you ads and defeating the point!

      Personally I find a single Pi is just fine for DNS. It only takes like 10 seconds to reboot. Less, if you use M.2 storage via a HAT or boot from USB! That’s pretty fine downtime. But if you’re afraid you’ll knock over the network and get yelled at by your family or housemates, best to use a backup :)

    • tofu@lemmy.nocturnal.garden · 5 up · 6 hours ago

      How do you set up clients so they will always use the first one? I thought if a client knows 2 servers they will switch between them.

      I plan to add a second Pihole at some point and keep them synced

  • Lantier@jlai.lu · 5 up · edited · 7 hours ago

    For a critical service like DNS, I decided to set it up bare metal on a Raspberry Pi 2 (even a Pi Zero should work). It’s been working fine for years, I just update it from time to time. That way I can mess with my homelab without worrying about DNS issues.

    • natch@lemmy.today · 4 up · 6 hours ago

      Funny enough, the Pi Zero uses the CPU from the 3 and the Zero 2 uses the CPU from the 3+, so they’re both more powerful than a 2 anyway :)

      • 486@lemmy.world · 3 up · 4 hours ago

        > Pi Zero uses the CPU from the 3

        No, the original Pi Zero uses the CPU of the Pi1 (only clocked higher). So it is quite a bit slower than a Pi 2, since it has only a single ARMv6 CPU core. Still fine for a DNS server on a typical home network.

  • bigDottee@geekroom.tech · 1 up · 4 hours ago

    I am running AdGuard Home DNS, not PiHole… but same idea. I have AGH running in two LXCs on proxmox (containers). I have all DHCP zones configured to point to both instances, and I never reboot both at the same time. Additionally, I watch the status of the service to make sure it’s running before I reboot the other instance.

    Outside of that, there’s really no other approach.

    You would still need at least 2 DNS servers, but you could set up some sort of virtual IP or load balancing IP and configure DHCP to point to that IP, so when one instance goes down it fails over to the other instance.
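Two points in this thread call for the same check before you recreate or reboot one of two resolvers: natch's warning that the second server must also be a black hole, and bigDottee's habit of confirming the other instance is up first. The script below is an added example, not any commenter's setup: it sends a raw UDP DNS query to a resolver and classifies the answer as resolved, blocked, error or down. The server addresses and the names example.com / ads.example are placeholders you would replace with your own instances and a name you know is on your blocklist; "blocked" assumes Pi-hole's default 0.0.0.0 answer or NXDOMAIN.

```python
import socket, struct

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS A/IN query: RD bit set, one question, no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(data: bytes, pos: int) -> int:
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # compression pointer (2 bytes) ends the name
            return pos + 2
        pos += 1 + length

def parse_response(data: bytes) -> tuple[int, list[str]]:
    """Return (RCODE, list of A-record IPs) from a raw DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    pos, ips = 12, []
    for _ in range(qdcount):
        pos = _skip_name(data, pos) + 4          # skip QTYPE and QCLASS
    for _ in range(ancount):
        pos = _skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in data[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, ips

def classify(rcode: int, ips: list[str]) -> str:
    """'blocked' covers NXDOMAIN and Pi-hole's default 0.0.0.0 answer."""
    if rcode == 3 or (rcode == 0 and ips and set(ips) == {"0.0.0.0"}):
        return "blocked"
    return "resolved" if rcode == 0 and ips else "error"

def probe(server: str, name: str, timeout: float = 2.0) -> str:
    """One UDP query to server:53; no reply within the timeout means 'down'."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(name), (server, 53))
            data, _ = sock.recvfrom(512)
    except OSError:
        return "down"
    return classify(*parse_response(data))

def standby_ready(standby: str, good: str = "example.com", blocked: str = "ads.example") -> bool:
    """Maintenance gate: the standby must both resolve and still sinkhole (placeholder names)."""
    return probe(standby, good) == "resolved" and probe(standby, blocked) == "blocked"
```

Run `standby_ready("192.0.2.11")` (placeholder address) against the instance you intend to keep up; only recreate or reboot the other one when it returns True.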