[Dnsmasq-discuss] How do others provide backup for their DNS? Ideas wanted

Michael michael at kmaclub.com
Thu Sep 2 17:32:01 UTC 2021


On 9/2/21 1:05 AM, Chris Green wrote:
> On Wed, Sep 01, 2021 at 01:04:24PM -0700, Michael wrote:
>>
>> Hi Chris,
>>
>>
>> This is a topic that has come up periodically over the years and I too have
>> watched with interest on how to best manage this.
>>
>>
>> I looked at using heartbeat and other failover services to handle any
>> potential failure, but it just becomes so complicated if you are using DHCP
>> too.   If you do just DNS, then this is all much simpler.
>>
>>
>> Here is what I am doing now:
>>
>> 1) Run dnsmasq (pihole actually) in a docker container on my
>> "infrastructure" server.   It has a static IP/MAC separate from the
>> infrastructure server.
>>
>> 2) Hourly, I rsync the docker data directory for pihole over to my desktop
>> machine.   This contains the /etc/pihole directory, leases file, /etc/hosts
>> file, etc.  It is a super tiny amount of data.
>>
>> 3) On my desktop, I have docker installed and ready to go including the
>> pihole install.
>>
>>
>> Then, when I have a failure or want to do maintenance, I just stop the
>> pihole docker on the infrastructure server and start the pihole container on
>> the desktop.   The service comes up with the same IP and MAC and the clients
>> never know it happened.    When I am done, I just reverse the process.
>>
>>
>> It seems to work fine for my needs.
>>
> That sounds like a good practical approach and would work for me I think.
>
> I think I need to learn about docker.  Is there a beginners guide
> anywhere that explains how to do something simple like I would want to
> do?
>
> The only other issue is that the only 'servers' I have on my system
> (apart from my desktop machine) are Pis, however I see no reason for
> not using one of them.
>

Hi Chris,

I am sure there are some good guides out there for learning docker.  I 
learned by just picking a project that I wanted to try and setting out 
to get it running.  You could always run your primary on a Pi and your 
backup on another platform without any issues using my example below.


I would think running dnsmasq would be about as simple a docker setup as 
you can get.   Here are a couple of examples that you should be able to use:

https://github.com/jpillora/docker-dnsmasq

https://hub.docker.com/r/strm/dnsmasq/


Personally, I like to use docker-compose, because it allows you to spin 
up the same arguments each time without remembering them.

As I mentioned, I am not using just dnsmasq, but rather Pi-hole built on 
top of dnsmasq, but my docker-compose file looks like this below.   You 
should be able to adapt the arguments for just dnsmasq pretty easily.


   pihole-main:
     container_name: pihole-main
     restart: unless-stopped
     image: pihole/pihole
     hostname: pihole-main
     domainname: $DOMAINNAME
     mac_address: 02:42:c0:a8:65:02
     environment:
       - TZ=${TZ}
       - "WEBPASSWORD=fakepassword"
       - "TEMPERATUREUNIT=f"
       - DNSMASQ_USER=${DNSMASQ_USER}
       - PUID=${PUID}
       - PGID=${PGID}

       # Internal IP of the cloudflared container
       - "DNS1=8.8.8.8"

       # Explicitly disable a second DNS server, otherwise Pi-hole uses Google
       - "DNS2=no"

       # Listen on all interfaces and permit all origins
       # This allows Pihole to work in this setup and when answering across VLANS,
       # but do not expose pi-hole to the internet!
       - "DNSMASQ_LISTENING=all"

     dns:
       # - 127.0.0.1
       - 8.8.8.8

     # Persist data and custom configuration to the host's storage
     volumes:
       - ${VOLUME}/pihole-main/config:/etc/pihole/
       - ${VOLUME}/pihole-main/dnsmasq:/etc/dnsmasq.d/
       - ${VOLUME}/pihole-main/misc:/var/lib/misc/
       - ${VOLUME}/pihole-main/home:/home/

     cap_add:
       - NET_ADMIN
       - CAP_SYS_NICE

     # 1. Join the public network so it's reachable by systems on our LAN
     networks:
       lan:
         ipv4_address: 192.168.101.2


With this configuration, the IP of the container is always 
192.168.101.2.   The server it is running on though has a different IP, 
something else in the 192.168.101 range.    This way, if I bring this 
container up on the backup machine, it can come up on the same IP and 
MAC address and the clients never know it moved.


Bringing it up is just as simple as docker-compose up -d on the backup machine.

Then with this config, I just rsync the ${VOLUME}/pihole-main directory 
to the backup machine and it is ready if needed.


Michael
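The manual procedure described in the post (rsync the data directory, stop the container on one host, start it on the other) as an added example script; this is not code from the mailing-list post or from the Pi-hole project. The VIP, service name and volume layout follow the compose fragment above; the hostnames infra.lan and desktop.lan, the data root /srv/docker, the location of docker-compose.yml and the probe name pi.hole are assumptions. The one check the post leaves implicit is made explicit here: a fixed IP/MAC pair must only ever be live on one host at a time, so the script refuses to start the second instance while anything still answers on the VIP, and it does not report success until the new instance actually answers DNS.

```shell
#!/bin/sh
# Added example, not code from the mailing-list post.  Scripts Michael's
# failover: sync state, stop the container on $from, start it on $to.
# Hostnames, /srv/docker, COMPOSE_DIR and PROBE_NAME are assumptions.
set -eu

VIP="${VIP:-192.168.101.2}"            # fixed container address from the compose file
SERVICE="${SERVICE:-pihole-main}"      # compose service name from the post
VOLUME="${VOLUME:-/srv/docker}"        # assumed value of $VOLUME in the compose file
COMPOSE_DIR="${COMPOSE_DIR:-$VOLUME}"  # assumed directory holding docker-compose.yml
PROBE_NAME="${PROBE_NAME:-pi.hole}"    # assumed name the resolver must answer
STOP_WAIT="${STOP_WAIT:-10}"           # seconds to wait for the VIP to go quiet
START_WAIT="${START_WAIT:-15}"         # seconds to wait for the new instance to answer
RUN="${RUN:-}"                         # RUN=echo prints remote commands instead of running them
PING="${PING:-ping}"                   # overridable so the checks can be exercised offline
DIG="${DIG:-dig}"

# Step 2 of the post: copy the container's persistent state to the other
# host.  Trailing slashes copy directory contents; --delete removes files the
# primary has dropped so the backup does not revive stale leases or lists.
sync_state() {
    src="$1"; dst="$2"
    $RUN ssh "$src" "rsync -a --delete $VOLUME/$SERVICE/ $dst:$VOLUME/$SERVICE/"
}

# Returns 0 when nothing answers on the VIP.  Two live instances with the same
# IP and MAC would fight over ARP and clients would flip between them, so the
# backup must not start until the primary is really gone.  (-W 1 is the
# Linux iputils timeout flag.)
vip_is_silent() {
    ! "$PING" -c 1 -W 1 "$VIP" >/dev/null 2>&1
}

# Returns 0 once the resolver on the VIP answers a query for PROBE_NAME.
dns_is_up() {
    answer=$("$DIG" +short +time=2 +tries=1 "@$VIP" "$PROBE_NAME" 2>/dev/null) \
        && [ -n "$answer" ]
}

# Poll a check function once per second until it succeeds or the budget
# ($2 attempts) is exhausted.
wait_until() {
    check="$1"; attempts="$2"
    while [ "$attempts" -gt 0 ]; do
        "$check" && return 0
        attempts=$((attempts - 1))
        sleep 1
    done
    return 1
}

# Move the service from host $1 to host $2; reverse the arguments to move it back.
failover() {
    from="$1"; to="$2"
    sync_state "$from" "$to"
    $RUN ssh "$from" "cd $COMPOSE_DIR && docker-compose stop $SERVICE"
    wait_until vip_is_silent "$STOP_WAIT" || {
        echo "$VIP still answers after stopping $SERVICE on $from; refusing to start a second instance" >&2
        return 1
    }
    $RUN ssh "$to" "cd $COMPOSE_DIR && docker-compose up -d $SERVICE"
    wait_until dns_is_up "$START_WAIT" || {
        echo "resolver on $VIP did not come up on $to" >&2
        return 1
    }
    echo "$SERVICE now served from $to at $VIP"
}

# Usage: ./failover.sh infra.lan desktop.lan
if [ "$#" -eq 2 ]; then
    failover "$1" "$2"
fi
```

Run it with RUN=echo first to see the exact ssh commands it would issue. Note that the compose fragment's `ipv4_address` under `networks: lan:` only works if `lan` is defined at the top level of the compose file with an ipam subnet covering 192.168.101.0/24, and that the same top-level definition has to exist on the backup host for the container to come up with the same address there.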
