Using Pi-Hole to investigate DNS 1 vs. 2 usage

This week, the Raspberry Pi that filters out all ads and tracking on my network became unreachable. I’m not sure why, but it’s happened a couple of times since Pi-Hole v5 came out. When your Pi-Hole goes offline, so – effectively – does your internet connection.

The second DNS setting

Most routers offer the option to set a second DNS server, but it’s a little unclear how that setting is used. If DNS 1 goes down, DNS 2 is very likely used. But it’s not just a back-up. When I set DNS 2 to a public DNS server (Google, OpenDNS or Cloudflare) some ads would show, even when DNS 1 (my Pi-Hole) was up and running.

An experiment

As an experiment, I set up a second Pi-Hole instance on a Raspberry Pi Zero I had lying around. In my router, I set it as DNS 2. So now I had two dashboards full of stats, and could tell how many requests both Pis were handling. After the first 24 hrs, these were the numbers:

  • Pi-Hole 1: 48,807 requests (40.4% blocked)
  • Pi-Hole 2: 2,344 requests (19.8% blocked)

So it looked like the “back-up” Pi-Hole was getting around 4-5 percent of all DNS queries, even with DNS 1 fully operational. Some of those requests were from ‘localhost’ though, which skews the numbers and probably explains the lower block ratio. So, effectively, probably 2-3%?

UPDATE: For the following 24 hours, the numbers were significantly different:

  • Pi-Hole 1: 30,645 requests (32.5% blocked)
  • Pi-Hole 2: 3,919 requests (20.5% blocked)

This indicates that 11.3% of all DNS queries were handled by DNS 2, even though I took it down for a couple of hours to give it a better power supply. From the log files, I get the feeling most traffic on DNS 2 is from Windows machines.

It depends on the OS?

From what info I can find (and quite frankly, understand) online, operating systems use the second DNS server setting differently. MacOS and iOS apparently use it only if DNS 1 fails to respond quickly. Windows is suspected of using more of a load-balancing strategy.

Should an OS take DNS server response times into account, my DNS 1 has a clear advantage. It uses a wired connection, and is a much faster machine (it usually runs near idle).

Our household uses a mix of Android, Windows, ChromeOS, iOS, Linux and other devices. Unfortunately, my router’s (fixed) very short DHCP lease time makes it impossible to tell which devices use DNS 2 from looking at Pi-Hole’s query logs.
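To get a per-client DNS 1 vs. DNS 2 ratio out of the two query logs, and to take the ‘localhost’ queries mentioned earlier out of the totals, here is an added Python example (not part of the original post). It assumes both Pi-Holes write dnsmasq-style `query[TYPE] domain from client` lines to their log, that devices keep fixed addresses (DHCP reservations), and works on constructed sample lines.

```python
import re
from collections import Counter

# Assumption: Pi-Hole's dnsmasq log writes "query[TYPE] domain from client".
QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)")
# The Pi-Hole's own lookups; these inflate the count without belonging to a device.
LOCALHOST = {"127.0.0.1", "::1", "localhost"}

# Constructed sample log lines, one block per Pi-Hole instance (not real logs).
LOG_DNS1 = """\
Jul  5 09:00:01 dnsmasq[612]: query[A] www.example.com from 192.168.1.20
Jul  5 09:00:02 dnsmasq[612]: query[AAAA] www.example.com from 192.168.1.20
Jul  5 09:00:03 dnsmasq[612]: query[A] cdn.example.net from 192.168.1.31
Jul  5 09:00:04 dnsmasq[612]: query[A] pi.hole from 127.0.0.1
Jul  5 09:00:05 dnsmasq[612]: query[A] mail.example.org from 192.168.1.20
""".splitlines()
LOG_DNS2 = """\
Jul  5 09:00:01 dnsmasq[498]: query[A] www.example.com from 192.168.1.31
Jul  5 09:00:02 dnsmasq[498]: query[A] pi.hole from 127.0.0.1
Jul  5 09:00:03 dnsmasq[498]: query[A] telemetry.example.com from 192.168.1.31
Jul  5 09:00:06 dnsmasq[498]: query[A] pi.hole from 127.0.0.1
""".splitlines()

def count_queries(lines, skip_localhost=True):
    """Count query lines per client; optionally drop the Pi-Hole's own lookups."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (forwarded/cached/blocked lines etc.)
        client = m.group(2)
        if skip_localhost and client in LOCALHOST:
            continue
        counts[client] += 1
    return counts

def dns2_share(log1, log2, skip_localhost=True):
    """Return {client: (n_dns1, n_dns2, fraction handled by DNS 2)} plus a 'total' row."""
    c1 = count_queries(log1, skip_localhost)
    c2 = count_queries(log2, skip_localhost)
    result = {}
    for client in sorted(set(c1) | set(c2)):
        n1, n2 = c1[client], c2[client]
        result[client] = (n1, n2, round(n2 / (n1 + n2), 3))
    t1, t2 = sum(c1.values()), sum(c2.values())
    result["total"] = (t1, t2, round(t2 / (t1 + t2), 3) if t1 + t2 else 0.0)
    return result

if __name__ == "__main__":
    for client, (n1, n2, share) in dns2_share(LOG_DNS1, LOG_DNS2).items():
        print(f"{client:14} DNS1={n1:4} DNS2={n2:4} DNS2 share={share:.1%}")
```

Feed it the real `/var/log/pihole.log` of each instance to see which clients lean on DNS 2; with `skip_localhost=False` you get the raw dashboard-style totals for comparison.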

Conclusion

Here’s what I’m taking away from this little experiment.

  • Don’t set a public DNS server as DNS 2 if you want airtight Pi-Hole protection
  • Set up a second Pi-Hole if you need redundancy
  • Man, I wish there was a Raspberry Pi Zero with wired internet!
  • TP-Link Decos are great routers, but they really mess with Pi-Hole’s stats.

Please comment if you have a similar set-up. I’d love to hear what the DNS 1 vs. 2 ratio is on your network.

Roy Tanck
I'm a freelance WordPress developer, designer, consultant, meetup organizer and speaker. In my spare time I love to go out and take pictures of things.

One thought on “Using Pi-Hole to investigate DNS 1 vs. 2 usage”

  1. Hi. I have 2 Raspberry Pis (both Pi 4, 2GB RAM) and I have number 1 as primary DNS, and number 2 as secondary DNS on my DHCP server. I then have to say that I have a destination NAT rule that automatically sends all DNS requests not directed to my Pi-holes to my primary DNS (1). I have data for about 6 months, and I can identify some of the clients on both. I have the following information for my laptop (Windows 10 Home): DNS1: 7632 req. DNS2: 1168 req. An Ubuntu 18.04 server has the following (gets a reserved DHCP address, therefore gets both DNS servers): DNS1: 12284 DNS2: 14. I would say how the requests are used is very much dependent on the operating system. And in part on how your network is configured (forcing port 53 to a DNS server).
