this post was submitted on 05 May 2025
        
      
      462 points (98.3% liked)
      Technology
    76339 readers
  
      
      1628 users here now
      This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
        founded 2 years ago
      
      MODERATORS
      
    you are viewing a single comment's thread
view the rest of the comments
    view the rest of the comments
Huh? Typically you have a secondary DNS entry on your router
Secondary DNS is not for redundancy!
The way secondary DNS works is that a client distributes DNS requests across the primary and secondary DNS servers. So if you have pihole as your primary DNS and, say, 8.8.8.8 as your secondary DNS, you're sending half of your DNS requests to google unfiltered. And if your pihole DNS goes down, half of your DNS queries time out.
The way to have redundancy with DNS is with a standby server that takes over the IP of the primary server if it goes down. You can do this with keepalived.
That's so weird wtf why don't they call it something like "DNS pool" then?
And what do you set that secondary DNS entry to? Operating systems may use both, so you need the secondary to point to a pi hole or else you're letting ads through randomly.
dns.adguard.com
Sure, if your router supports DoH or DoT. Most consumer routers don't. I know that Mikrotik supports it out of the box, and OpenWRT has a package for that.
They have IPs too: https://adguard-dns.io/en/public-dns.html
94.140.14.14
94.140.14.15
Edit: Apparently years of seeing it called primary and secondary led to a fundamental misunderstanding of how it works lol. Just use a pi and ad guard.
Randomly? No, only when your pi goes down. Or when ever you're looking at something that gets around the simple DNS based ad filtering pinhole does. It's foolish to spend twice as much money for this level of fail over protection to prevent ads. It's not like if you see an ad you're going to die lol. If you're that opposed to them, sure, go for it, but you're better off spending your time doing other things to stop ads than maintaining two pi holes because one might fail.
And like the other person said, just use ad guard's public DNS. I use it on my router and on my phone.
Not how secondary DNS works. It round robins the requests across primary and secondary DNS servers.
Why call it secondary then, that's so counterintuitive lol 😭 I guess "the second hardest problem in computer science" applies because I can't think of a better name either.
I don't think that's even the official naming. It probably comes from what Windows 95 called it back in the day:
On Linux, it's just an additional "nameserver x.x.x.x" line in
/etc/resolv.conf, with no indication of which is the "primary" or "secondary".Different Operating Systems call it different things. Windows calls it Alternate. Even if it was only used when the primary was down, DNS doesn't provide any sort of guidance or standard on when to switch between primary and secondary. Is one query timeout enough to switch? How often do you reattempt to the first DNS server? When do you switch back? With individual queries, you can timeout and hit another NS server, but that's a lot easier at an individual level than to infer a global system state from one query timing out.
I have two piholes - they serve different DHCP ranges (e.g. 1-100 and 101-250), and option 6 references each other.