So, been thinking this through. I didn't realize that primary and secondary DNS could in fact be both used in parallel. I had assumed that secondary would be used only if primary failed. If I had a dedicated DNS server for pi-hole this might be okay (raspberry pi on my network maybe?) but I have it running in a VM which is running on Astlinux and it is also my UniFi Controller. I am trying to cover the possibility of that VM not being running, even if for just a few minutes during a reboot. When Astlinux reboots the VM image also restarts but maybe delayed by a minute or two as it goes through its boot. So DNS will take longer to come back up.
I think two choices. I can change DHCP to push out the IP address of pi-hole VM. Or I can put some iptables rules in place to reroute DNS requests that come in to Astlinux (using NAT rules, needs both DNAT and SNAT rules). The benefit of iptables rules is that I could apply it to entire network (even statically assigned clients) if I want and I can quickly revert the entire network to using Astlinux directly for DNS if I need to. But it is a more complex solution than just pushing out a DNS server address.

Pondering over this. Any thoughts?

David

On Fri, Oct 19, 2018 at 5:33 PM Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote:

> Ahhh, pi-hole ....
>
> Keep in mind that depending on the DNS client, given two DNS server IP's they can be queried in parallel and not just failover as primary/secondary would imply.
>
> Can you configure AstLinux to use the pi-hole IP as the system's static DNS server ? or is there a startup chicken/egg issue ?
>
> Network -> DNS: ____
>
> Lonnie
>
> > On Oct 19, 2018, at 4:13 PM, David Kerr <da...@kerr.net> wrote:
> >
> > I'll try dnsmasq.static. As to why... I have installed pi-hole (https://pi-hole.net/) on a VM and want to point clients at it as primary DNS, astlinux as secondary in case it fails. I configured pi-hole to use my astlinux as its primary DNS so all queries will ultimately go through astlinux, after pi-hole has done its thing to filter out the unwanted. No idea if I will keep this but thought I would give it a try and see if the family notices or if anything breaks.
> >
> > David
> >
> > On Fri, Oct 19, 2018 at 4:54 PM Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote:
> >
> > > > On Oct 19, 2018, at 3:44 PM, David Kerr <da...@kerr.net> wrote:
> > > >
> > > > I'm probably just overlooking it, but is there a way for me to define the DNS servers that get pushed to clients in DHCP responses? Say I wanted to push out 192.168.1.2 instead (or as well as) 192.168.1.1, how would I do that?
> > >
> > > No trivial way. Possibly you could override the "dhcp-option=lan,option:dns-server,.." value using /mnt/kd/dnsmasq.static .
> > >
> > > Which begs the question, Why ? :-)
> > >
> > > Lonnie
>
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
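The DNAT plus SNAT redirect mentioned in the message above, written out as an added example that is not part of the original thread or of AstLinux. It assumes the AstLinux LAN address is 192.168.1.1, the pi-hole VM is 192.168.1.2 and the LAN interface is eth1 (a hypothetical name); the script only prints the rules unless `apply_dns_redirect` is called.

```shell
#!/bin/sh
# Added example. Assumed values: router 192.168.1.1, pi-hole 192.168.1.2,
# LAN interface eth1 (hypothetical). Forwarding eth1 -> eth1 must already be
# permitted by the FORWARD chain; that part is not shown here.

# Print the iptables arguments for the redirect.
#   $1 = -A to add the rules, -D to delete them (quick revert)
#   $2 = router LAN IP, $3 = pi-hole IP, $4 = LAN interface
dns_redirect_rules() {
    mode=$1; router_ip=$2; pihole_ip=$3; lan_if=$4
    for proto in udp tcp; do
        # DNAT: client queries addressed to the router are re-addressed to
        # pi-hole. "! -s pi-hole" exempts pi-hole's own upstream queries to
        # the router, which would otherwise be looped straight back to it.
        echo "-t nat $mode PREROUTING -i $lan_if ! -s $pihole_ip -d $router_ip -p $proto --dport 53 -j DNAT --to-destination $pihole_ip:53"
        # SNAT: the forwarded query leaves with the router as its source, so
        # pi-hole answers the router and conntrack restores the addresses.
        # Without it pi-hole replies directly to the same-subnet client from
        # an address the client never queried, and the answer is dropped.
        # Side effect: pi-hole logs every query as coming from the router.
        echo "-t nat $mode POSTROUTING -o $lan_if -d $pihole_ip -p $proto --dport 53 -j SNAT --to-source $router_ip"
    done
}

# Run the rules through iptables (needs root). Same arguments as above.
apply_dns_redirect() {
    dns_redirect_rules "$@" | while read -r rule; do
        # Unquoted on purpose: each rule line is split into arguments.
        iptables $rule
    done
}

# Dry run: show what would be added for the assumed addresses.
dns_redirect_rules -A 192.168.1.1 192.168.1.2 eth1
```

Calling `apply_dns_redirect -D 192.168.1.1 192.168.1.2 eth1` removes the same four rules, which returns the network to AstLinux answering DNS directly.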