Yes, others have already suggested something similar. I’ll do that first because it is easy. Monitoring-wise, I should already be covered, but since Prometheus is running on the same server, it was down during the outage. There is room for improvement, for sure! I have a couple of RPis on my network that I can leverage for better monitoring.
Comment on Running DNS server in Docker
daddy32@lemmy.world 6 months ago
Shouldn’t you just have a fallback DNS for cases like these? During the outage, it would be the one used and after the things settle, you would be back at primary.
Maybe some kind of monitoring/notifications on top of that.
fendrax@jlai.lu 6 months ago
AtariDump@lemmy.world 6 months ago
When it comes to a “secondary” DNS… [there is nothing like a primary and secondary DNS server. These indications are quite misleading but many systems adopted it this way. Pihole only list the DNS servers as primary and secondary, because this is what the providers write on their pages. The bad phrasing is supported especially by how Windows handles it.](https://discourse.pi-hole.net/t/primary-vs-secondary-dns/1536/2)
[Most operating systems implement DNS servers as alternatives, not as fallbacks, i.e. they will query any of both servers from time to time, so it is quite likely that you will lose your Pi-hole filtering capabilities (at least partially) [if you specify a secondary DNS server on your network].](https://discourse.pi-hole.net/t/secondary-dns-server-for-dhcp/1874)
The **ONLY** DNS server you should have set on your network is a/the PiHole(s).
daddy32@lemmy.world 6 months ago
Oh my, TIL. But what then in cases like these, when the Pihole itself is down? You need fallback…
AtariDump@lemmy.world 6 months ago
You need another DNS server. Fallback implies that it’s only there if the first stops responding, which isn’t how DNS works.
fendrax@jlai.lu 6 months ago
For some reason, I am only seeing this comment thread now, so sorry for the late response.
Thanks for those valuable details. But I am still a bit confused. I understand why you are saying that pi hole should be the only DNS server handling requests sent by LAN devices (including the machine hosting the DNS). That’s because it is the only one which can resolve local names (well, that’s actually its upstream dnsmasq running as a sibling container that does that but that’s a minor detail).
But then you say there should be another DNS server to solve my problem. If I put two server entries in `/etc/resolv.conf`, one being pi hole and the other my ISP’s DNS, the two of them will be randomly picked by DNS clients. When the ISP’s is used, it will fail to translate local names. I guess there is a way to let the client try the other server after a failure but it will add some undesirable latency.
Sorry if I misunderstood your point but after reading the first comments I was quite convinced by the idea of adding a second `nameserver` entry in `/etc/resolv.conf`. Your explanations convinced me otherwise and now I have the impression that I can’t really solve my initial problem in a reliable way.
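
An added example, not part of the thread or of Pi-hole: a small Python audit of a `resolv.conf` body for the conditions discussed above, namely a listed nameserver that is not a filtering resolver and the lack of a second filtering resolver. The addresses, the sample files and the `audit_resolv_conf` name are assumptions made for illustration.

```python
import ipaddress

MAXNS = 3  # glibc honours at most three nameserver lines

def audit_resolv_conf(text, filtering_resolvers):
    """Return a list of (code, detail) findings for a resolv.conf body."""
    allowed = {ipaddress.ip_address(a) for a in filtering_resolvers}
    servers, options = [], []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        if fields[0] == "nameserver" and len(fields) > 1:
            # Drop an IPv6 zone id such as %eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
        elif fields[0] == "options":
            options.extend(fields[1:])

    findings = []
    used, ignored = servers[:MAXNS], servers[MAXNS:]
    for addr in used:
        if addr not in allowed:
            findings.append(("UNFILTERED", f"{addr} is not a filtering resolver"))
    for addr in ignored:
        findings.append(("IGNORED", f"{addr} is past the {MAXNS}-server limit"))
    if len(used) > 1 and "rotate" in options:
        # resolv.conf(5): rotate selects the listed servers round-robin.
        findings.append(("ROTATE", "queries are spread over all listed servers"))
    if len({a for a in used if a in allowed}) < 2:
        findings.append(("NO_REDUNDANCY", "fewer than two filtering resolvers listed"))
    return findings

# Constructed sample: 192.168.1.2 and 192.168.1.3 stand for two Pi-holes,
# 203.0.113.53 (documentation range) stands for an ISP resolver.
PIHOLES = ["192.168.1.2", "192.168.1.3"]
MIXED = ("# constructed\nnameserver 192.168.1.2\n"
         "nameserver 203.0.113.53\noptions rotate timeout:2\n")
PAIR = "nameserver 192.168.1.2\nnameserver 192.168.1.3\n"

if __name__ == "__main__":
    for name, body in (("mixed", MIXED), ("pair", PAIR)):
        print(name, audit_resolv_conf(body, PIHOLES))
```
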