In the last article, we set up a home DoH server using Pi-Hole, which not only filtered out a large number of ads, but also wrapped our DNS requests in HTTPS, taking them out of reach of the telecom operator's request filtering.
This solution is great for everyone, but it has one caveat. If we suddenly run out of money in our account with the operator, or the channel to the outside world disappears for some other reason, we will not even be able to top up the account to restore service, because DNS will not work. Or, say, our Pi-Hole stops for some reason: the whole network appears to be up, Google answers by IP, and yet until you point the clients at another DNS server there will be no happiness. And if at that moment you are busy with something else and cannot start the recovery right away, the family members are indignant and spoil your joyful existence with complaints, and even the cats, sensing the general nervousness, tend to shit in your slippers.
Upsetting the cats is the last thing we want, so in this article I will describe how to implement automatic switching from Pi-Hole to the operator's DNS (or, indeed, any other) when Pi-Hole has problems.
TL;DR
We set up automatic switching of the DNS service between Pi-Hole and Mikrotik using the VRRP protocol, as implemented by the keepalived daemon.
No magic know-how is revealed; this is a simple step-by-step instruction for those who do not want to dig into all the intricacies themselves.
What do you need for this
A working Pi-Hole from the previous article. Of course, the approach described here can make practically anything fault tolerant, but in this particular case we focus on that particular setup. The base Linux distribution is Ubuntu.
A Mikrotik router. Any other router that supports VRRP would do just as well (OpenWRT, EdgeRouter, a Linux-based PC router); VRRP is widely implemented. In the same way, the VRRP partner does not have to be a router at all: it could be a second Pi-Hole, so that one Pi-Hole backs up the other for DNS.
IPv4 address of the Pi-Hole: 192.168.1.10.
IPv4 address of the router: 192.168.1.1 on the bridge interface.
Virtual IPv4 address for DNS: 192.168.1.9.
Commands on Linux are run as root (i.e. after sudo -i).
A few words about the protocol. VRRP (Virtual Router Redundancy Protocol) is often confused with NHRP (Next-Hop Resolution Protocol), which is something else entirely. VRRP works at the network layer of the ISO/OSI model: several routers share one virtual IP address, one of them (the master) answers on it, and if the master disappears, another VRRP router takes the address over, so the hosts keep using the same address and notice nothing. Cisco has its own protocol of the same family, GLBP, which additionally spreads the load between routers by answering ARP requests with different virtual MAC addresses; the BSD equivalent of VRRP is CARP.
VRRP routers find each other through advertisements sent to the multicast address 224.0.0.18. Each router has a priority; the one with the highest priority becomes master and owns the virtual IP address. If the master's advertisements stop arriving, or a router with a higher priority appears, the master role moves to that router, and it starts answering for the same IP address.
The priority does not have to be a constant. On Cisco it can be changed according to the state of a monitored object (Enhanced Object Tracking); keepalived does the same with tracked scripts, and that is exactly what we rely on here.
The resulting scheme:
- The DNS service lives on a virtual IP address.
- Mikrotik runs VRRP with the default priority of 100; Pi-Hole has a base priority of 90, so on its own it loses the election to Mikrotik.
- While the DNS check on Pi-Hole passes, its priority rises to 110 and Pi-Hole serves DNS; when the check fails, it drops back to 90 and Mikrotik takes over.
- DHCP hands out the virtual IP address to clients as their DNS server.
1. DNS on Mikrotik
First, make sure the Mikrotik itself can resolve names, since it will be the fallback DNS server. The upstream DNS servers can be the operator's, received automatically via DHCP on the WAN interface, or entered by hand in Winbox under IP - DNS in the DNS Servers field. For clients to be able to query the router, Allow Remote Requests must be enabled there as well, and the firewall input chain must let DNS (UDP/TCP port 53) in from the LAN.
2. VRRP on Mikrotik
Create a VRRP interface on top of the Bridge, either in Winbox or in the terminal:
/interface vrrp add interface=bridge name=vrrp-dns version=2 vrid=10
/ip address add address=192.168.1.9/24 interface=vrrp-dns network=192.168.1.0
vrrp-dns is the name of the new interface (any name will do); vrid is the virtual router ID, 1-255, and it must be the same on both VRRP participants. bridge is the interface that carries the router's IPv4 address.
192.168.1.9 is the virtual address, the one the clients will use for DNS.
3. VRRP on Pi-Hole
Install keepalived:
apt install keepalived
Create /etc/keepalived/keepalived.conf:
! Configuration File for keepalived
vrrp_script check_dns {
    script "/etc/keepalived/check_dns.sh"
    interval 5   # run every 5 seconds
    weight 20    # add 20 points to the priority while the script succeeds
    timeout 5    # kill the script and count it as failed after 5 seconds
    rise 2       # require 2 consecutive successes before counting it as up (avoid flapping)
    fall 2       # require 2 consecutive failures before counting it as down (avoid flapping)
}
vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 10   # must match vrid on the Mikrotik
    priority 90            # below Mikrotik's default 100; 90 + 20 = 110 wins while the check passes
    advert_int 1
    virtual_ipaddress {
        192.168.1.9/24
    }
    track_script {
        check_dns
    }
}
Here ens160 is the network interface of the Pi-Hole; replace it with yours (check with ip addr or ifconfig).
Create the DNS check script /etc/keepalived/check_dns.sh:
#!/bin/bash
# Resolve a name through the local Pi-Hole. The script's exit status (that of host)
# tells keepalived whether the check passed: 0 is OK, anything else is a failure.
host -s -4 amazon.com 127.0.0.1 > /dev/null 2>&1
Make it executable:
chmod +x /etc/keepalived/check_dns.sh
The script checks that the local DNS actually works by resolving amazon.com. That name is chosen because its records have a TTL of 1 minute, so Pi-Hole cannot keep answering from its cache for long and is forced to really query upstream; a cached answer would hide a broken upstream connection. If host returns a non-zero error code, keepalived stops adding the 20 points, the priority of Pi-Hole drops to 90, and the master role goes to Mikrotik.
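To make the priority arithmetic above concrete, here is an added simulation of how keepalived's rise/fall counters and weight turn a sequence of check_dns results into Pi-Hole's effective priority and, compared with Mikrotik's fixed 100, into the master role. This is illustration code written for this article, not part of keepalived or Pi-Hole; it assumes keepalived's default of treating the script as healthy until it has failed, and ignores the VRRP tie-break, which never matters here because 110 and 90 are both different from 100.

```python
"""Simulate keepalived's tracked-script priority logic for the Pi-Hole / Mikrotik pair."""
from dataclasses import dataclass

MIKROTIK_PRIORITY = 100    # Mikrotik's VRRP default priority (left unchanged in the article)
PIHOLE_BASE_PRIORITY = 90  # "priority 90" in keepalived.conf
CHECK_WEIGHT = 20          # "weight 20": added while check_dns is considered up
RISE, FALL = 2, 2          # "rise 2" / "fall 2": consecutive results needed to change state


@dataclass
class TrackedScript:
    """State of one vrrp_script as keepalived tracks it."""
    up: bool = True   # assumption: script counts as healthy at start (keepalived default)
    streak: int = 0   # consecutive results that contradict the current state

    def observe(self, ok: bool) -> bool:
        """Feed one script result; return whether the script is now considered up."""
        if ok == self.up:
            self.streak = 0            # result agrees with current state: nothing changes
        else:
            self.streak += 1
            if self.streak >= (RISE if ok else FALL):
                self.up, self.streak = ok, 0   # enough consecutive contradictions: flip
        return self.up


def pihole_priority(script_up: bool) -> int:
    """Effective VRRP priority of the Pi-Hole instance."""
    return PIHOLE_BASE_PRIORITY + (CHECK_WEIGHT if script_up else 0)


def master_for(check_results):
    """Return (pihole_priority, master) after each check run in check_results."""
    script = TrackedScript()
    trace = []
    for ok in check_results:
        prio = pihole_priority(script.observe(ok))
        master = "pihole" if prio > MIKROTIK_PRIORITY else "mikrotik"
        trace.append((prio, master))
    return trace


if __name__ == "__main__":
    # Constructed sample: one isolated failure, then a real outage, then recovery.
    results = [True, True, False, True, False, False, False, True, True]
    for ok, (prio, master) in zip(results, master_for(results)):
        print(f"check {'ok  ' if ok else 'fail'} -> pihole priority {prio:3d}, master = {master}")
```

A single failed check (third run) does not move the service, because fall 2 needs two failures in a row; likewise two successes are needed to bring it back.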
Restart keepalived:
systemctl restart keepalived
Now check. In the Mikrotik log you should see something like:
vrrp-dns now BACKUP, got higher priority 110 from 192.168.1.10
Then make sure that 192.168.1.9 is answered by Pi-Hole, for example by resolving pi.hole:
nslookup pi.hole 192.168.1.9
Server: 192.168.1.9
Address: 192.168.1.9#53
Name: pi.hole
Address: 192.168.1.10
The answer is 192.168.1.10, the Pi-Hole's own address, so the virtual IP is indeed served by Pi-Hole.
4. DHCP on Mikrotik
Finally, tell the DHCP server on Mikrotik to hand out the virtual address as the DNS server. In WinBox this is under IP - DHCP Server - Networks: in DNS Servers, replace the Pi-Hole address 192.168.1.10 with 192.168.1.9.
After that, renew the DHCP lease on a client, check that it received 192.168.1.9 as its DNS server and that names still resolve (e.g. nslookup pi.hole). That is all.
From now on, if Pi-Hole stops answering, DNS requests to the virtual address are served by Mikrotik, and when Pi-Hole recovers, it takes the address back.