High availability (HA) for Pi-hole (running two Pi-hole's)

Oh thanks!

more that something balance ... I want to duplicate the synchronize the configuration

1 Like

Upvoting this feature request!

Figured I'd throw my hat in the ring here. I also run pihole at home and currently run redundant instances, but managing them both is kind of a pain. It would be nice to have one interface that can control/get stats from/etc both (or more) of them. If I need to whitelist or blacklist something I have to do it in two places, if I need to disable it temporarily I have to do it in two places, etc. It would be real nice to be able to manage multiple piholes from one place.

2 Likes

I'm gonna try this out. I already have an nginx instance for reverse proxy remote access for all my docker containers.

1 Like

Hey, setting up load balancing is quite easy, but keeping two piholes in sync is not easy. Is there anywhere a description of which files need to be synced, and if a sync runs, does pihole need to be restarted? Moreover, I already have two DHCP servers on my Samba DCs in failover mode (isc-dhcp). Is there any chance to cluster the pihole built-in DHCP server?

It's mentioned in this topic : High availability (HA) for Pi-hole (running two Pi-hole's) - #2 by WaLLy3K

Samba DCs as in Active Directory ?!
I am sure there is some DNS forwarding option like Windows has :

HA for pi-hole's is an interesting idea but I have to add that if you want robust HA and synchronization it might be time to level up and go for pfsense and pfblockerng. It might be more dynamite than most people in this thread really want, but for a few cases I see here, it's probably a good path to consider.

If you just want Pi Hole responding faster, I'm running it on both a Pi 3b+ and an Asus Tinkerboard. The path of least resistance to making Pi Hole run faster is the Tinkerboard as it has a proper NIC without a USB backend, a faster CPU and faster onboard eMMC storage. And it fits all your existing cases for a Pi. Every aspect of the Pi Hole is substantially faster on the tinkerboard.

If you still want to run multiple Pi's for redundancy, have a primary and secondary - and rsync the config from the primary? I haven't tried this, but it seems like this should work.

What speed differences are you seeing in DNS resolution between the Pi and the Asus?

My experience from a cursory scan of query log on two wireless Pi's - typical DNS query being resolved in 10-20 msecs on a Pi-3B+ or 20-30 msecs on a Zero. I compared those two because they are both on third party DNS. I have another Pi-3B+, wired running unbound and a lot more data is cached in that configuration, so it's a few tenths of a msec for most.

I can't see any noticeable difference on the client end from any of these Pi's.

Cached? I assume cached is reasonably close to a somewhat decent comparison here - Client on Wifi - Asus on Wire. .1ms for cached.
2018-09-22 19:11:18 A speedtest.network.utexas.edu localhost OK (cached) IP (0.1ms)

A local comparison is out of reach at the moment, the Pi 3B+ I was speaking of is on a family members network. I'd intended to put in a reverse ssh tunnel on that guy but did not. I can bring one up locally though for an A/B comparison in the next few days. speedtest-cli will hit full gig speeds on a gig wan from the Asus - so, it's at least not limited at the NIC.

Any way you look at it, the Pi is fast enough here, all I'm saying is 1%'ers looking to eke out the limits could see this as an easier option to clustering. The Tinkerboard is annoying AF b/c their images assume you will have HDMI display, mouse and keyboard to bring the board up! Other than that, it seems like a good piece of gear.

Running two piholes currently for redundancy, would be super cool for them to have a sync feature for whitelist/blacklist. This is so I don't have to keep mimicking my changes on each one. Querying both at the same time would be great too.

Here is a sync setup from a Reddit poster.

https://www.reddit.com/r/pihole/comments/9hi5ls/dual_pihole_sync_20/

1 Like

Running Pi-hole on HOST and in VM also, great! :slight_smile:

After more time running the Tinkerboard with Pi Hole I've decided the Tinkerboard is a complete piece of junk and I would much rather have two Pi's for the same price.

This is a great feature request and I look forward to having it implemented directly in the UI.

Hi All-
I'd suggest renaming this feature to something like, "Sync Settings Between 2 or More Pi-hole instances."

It occurs to me that trying to load-balance or round-robin through a proxy IP creates a new single point of failure (e.g., the load-balancer crashes, and hosts are only configured with the IP of the load-balancer).

Most (if not all) routers are able to configure DHCP clients with 2 or more DNS servers. It seems more attainable for the noob to buy 2 Rpi's. Run the installer on the first Rpi and configure their preferred settings, then run the installer on a second device and choose an option to, "Configure this Pihole as a backup to existing Pihole."

The second PiHole would need remote access to the first Pihole, and a script to periodically check for changes to certain configuration files or settings; and if-changed, import those settings.

Considerations would need to be made if RPi1 is configured as a DHCP server (i.e., to avoid having 2 active DHCP servers). The RPi2 would need to "survive on its own" if RPi1 goes down (i.e., RPi2 should perform its own gravity updates and not rely on RPi1 syncing). The user interface should indicate the last time RPi2 has completed a sync, and a warning or error should be visible if RPi1 is not accessible by RPi2.

I am going to try to adapt the script identified above for my scenario. I think it captures most of the basic settings files, but I need it to also sync my 02-pihole.conf in /etc/dnsmasq.d for conditional forwarding (More than one "Conditional Forwarding" entry in the GUI - #5 by sbellon).

Cheers!

3 Likes
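The "check for changes, import if changed" step proposed in the post above, as an added example that is not part of the thread or of Pi-hole itself. It assumes a staging directory already fetched from the primary (for instance by rsync over SSH); the file names `whitelist.txt` and `blacklist.txt` and the `.last_sync` marker are assumptions, while `02-pihole.conf` is the file named in the post.

```bash
#!/usr/bin/env bash
# Added example: import changed config files from a staged copy of the primary.
# Assumption: STAGE_DIR was filled beforehand, e.g. by rsync over SSH using a
# key that is restricted to read-only access on the primary.

# Allowlist of file names the secondary will accept (assumed names, except
# 02-pihole.conf from the post). Anything else in the stage is ignored, so a
# compromised or misconfigured primary cannot push arbitrary files.
SYNC_FILES="whitelist.txt blacklist.txt 02-pihole.conf"

# sync_changed STAGE_DIR LIVE_DIR
# Copies each allowlisted file whose content differs and sets SYNC_COUNT to
# the number of files imported. Call it once per configuration directory.
sync_changed() {
    stage=$1
    live=$2
    SYNC_COUNT=0
    for f in $SYNC_FILES; do
        src="$stage/$f"
        dst="$live/$f"
        # Skip files the primary does not have; refuse symlinks in the stage.
        [ -f "$src" ] && [ ! -L "$src" ] || continue
        # Unchanged content: nothing to import.
        cmp -s "$src" "$dst" 2>/dev/null && continue
        # Copy to a temp file in the same directory, then rename, so the
        # resolver never reads a half-written list.
        tmp=$(mktemp "$live/.sync.XXXXXX") || return 1
        if cp "$src" "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$dst"; then
            SYNC_COUNT=$((SYNC_COUNT + 1))
        else
            rm -f "$tmp"
            return 1
        fi
    done
    # Record the completion time so a UI or monitor can show the last sync.
    date -u +%Y-%m-%dT%H:%M:%SZ > "$live/.last_sync"
    return 0
}

# Stand-alone use: ./sync.sh STAGE_DIR LIVE_DIR
if [ "$#" -eq 2 ]; then
    sync_changed "$1" "$2" && echo "$SYNC_COUNT file(s) imported"
fi
```

A caller would reload the resolver only when `SYNC_COUNT` is greater than zero, and alert when `.last_sync` grows stale, which covers the "primary not accessible" warning the post asks for.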

I have my nodes set-up in that manner.

node 1 is the master and it is also the dhcp server.

Node 2 is a secondary DNS that probes the Pi-hole instance and checks for FTL errors and/or if the host is up (DNS1 that is).

If the host has any errors or it is offline, it becomes the DHCP server for the network (maintaining the same leases and IP assignments within the network).

As soon as node 1 is fixed, it reverts itself to secondary, disabling the DHCP side.

No blacklists whitelists or other settings are migrated. It would be easy to implement though via rsync.

2 Likes

Very cool. How are you probing the health of Node 1 and checking the FTL errors? Are you using a linux package for cluster syncing? Or is this a custom bash+cron solution you developed?

I ask because my linux scripting-fu is weak and I'd rather not reinvent the wheel.

It is a bash script that I wrote ...

I shared it on the forum already somewhere :blush: (can’t remember where - trying to find it).

L.E. Can’t find it.

I’ll tweak mine and remove the sensitive stuff and publish it tomorrow.

1 Like

found it here: Good solution to automatically revert to "normal" if Pi Hole dies? - #4 by jfb

Yep. That one.

I was embarrassed about how nasty it is (but still works) and I rebuilt the whole damn thing with functions. Less code repetition and a lot easier to debug.
It’s also sexy to look at :blush: