Pi-Hole DNS resolution is currently unavailable – FIXED
Something weird happened today that took way longer to fix than it should have. So here it is:
I run Pi-Hole on my network to block malware, advertisements and other bandwidth-stealing things. Pi-Hole is also my DHCP server and DNS server for the entire house. At some point yesterday, I thought it would be a good idea to add some more blocking lists to the mix and brought my total blocked domain list to about 300k, up from about 100k. Seemed great.
Fast-forward to today when EVERYTHING in the house lost connectivity. 😉
I won’t bore you with all the details of my troubleshooting or googling, but it seems as though one of the blocklists had accidentally blocked some critical servers necessary to upgrade Pi-Hole ITSELF! The issue complicated itself by now not allowing me to update anything via the Web interface.
After much troubleshooting, the easy fix was to disable Pi-Hole blocking from a PuTTY session.
The first command disables Pi-Hole blocking completely and then the second command does an upgrade/repair of the system.
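A pre-flight check for the failure described above, as an added example that is not part of the original post: it parses a candidate blocklist and reports which must-resolve hostnames the list would block, so the list can be vetted before it is added. The names in `CRITICAL` and the sample list are constructed placeholders, and the three line formats handled (hosts-style, bare domain, adblock-style `||domain^`) are assumptions about what the lists contain.

```python
import re

# Assumption: placeholder names. Replace with the hosts your update path needs.
CRITICAL = ["updates.example.net", "packages.example.org"]

HOSTS_RE = re.compile(r"^(?:0\.0\.0\.0|127\.0\.0\.1|::1?)\s+(\S+)$")
ABP_RE = re.compile(r"^\|\|([a-z0-9._-]+)\^$")
DOMAIN_RE = re.compile(r"^[a-z0-9_-]+(?:\.[a-z0-9_-]+)+$")

# Constructed sample input, not a real blocklist.
SAMPLE_LIST = """\
0.0.0.0 ads.example.com
0.0.0.0 updates.example.net
tracker.example.com   # bare domain with inline comment
! adblock-style comment
||example.org^
"""

def parse_blocklist(text):
    """Return (exact, wildcard) domain sets from a mixed-format list."""
    exact, wildcard = set(), set()
    for raw in text.splitlines():
        # Drop '#' comments (line start or after whitespace) and '!' comments.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip().lower()
        if not line or line.startswith("!"):
            continue
        abp = ABP_RE.match(line)
        if abp:
            wildcard.add(abp.group(1))
            continue
        hosts = HOSTS_RE.match(line)
        name = (hosts.group(1) if hosts else line).rstrip(".")
        if DOMAIN_RE.match(name):
            exact.add(name)
    return exact, wildcard

def preflight(list_text, critical=CRITICAL):
    """Map each critical name to the list entry that would block it."""
    exact, wildcard = parse_blocklist(list_text)
    hits = {}
    for domain in critical:
        labels = domain.lower().rstrip(".").split(".")
        # An adblock-style entry covers the domain and all its subdomains.
        parents = [".".join(labels[i:]) for i in range(len(labels))]
        rule = parents[0] if parents[0] in exact else next(
            ("||" + p + "^" for p in parents if p in wildcard), None)
        if rule:
            hits[domain] = rule
    return hits
```

Calling `preflight(SAMPLE_LIST)` returns a dict of blocked critical names and the entry responsible; an empty dict means none of the listed names would be blocked by that list.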
I guess next up on my home networking to-do list is to set up some form of redundancy for Pi-Hole, specifically the DHCP and DNS functions. In fact, I read an interesting idea while troubleshooting all of these issues: run two Pi-Holes on the network in the typical DNS load-balanced fashion. I would run one on a physical Pi Zero and the other in a Docker container. The first would be the primary DNS and single DHCP for the network. It would also have a less aggressive set of lists for blocking and would be used for most of the user devices on the network (phones, laptops, etc.), while the second could have a much more aggressive set of blocking rules that I would point only Smart Home devices to. Since they are less likely to need to get to most websites (or ANY), I could be extremely aggressive on the blocking. Also, since that Pi-Hole would be on the Docker image, it would have more horsepower and could handle a larger block list. I would then just hardcode that Pi-Hole address into the DNS sections of the IoT devices.
What do you think of this two-tiered strategy? Let me know in the comments below.