On 9/2/21 1:05 AM, Chris Green wrote:
On Wed, Sep 01, 2021 at 01:04:24PM -0700, Michael wrote:

Hi Chris,


This is a topic that has come up periodically over the years and I too have
watched with interest on how to best manage this.


I looked at using heartbeat and other failover services to handle any
potential failure, but it just becomes so complicated if you are using DHCP
too.   If you do just DNS, then this is all much simpler.


Here is what I am doing now:

1) Run dnsmasq (pihole actually) in a docker container on my
"infrastructure" server.   It has a static IP/MAC separate from the
infrastructure server.

2) Hourly, I rsync the docker data directory for pihole over to my desktop
machine.   This contains the /etc/pihole directory, leases file, /etc/hosts
file, etc.  It is a super tiny amount of data.

3) On my desktop, I have docker installed and ready to go including the
pihole install.


Then, when I have a failure or want to do maintenance, I just stop the
pihole docker on the infrastructure server and start the pihole container on
the desktop.   The service comes up with the same IP and MAC and the clients
never know it happened.    When I am done, I just reverse the process.


It seems to work fine for my needs.

That sounds a good practical approach and would work for me I think.

I think I need to learn about docker.  Is there a beginners guide
anywhere that explains how to do something simple like I would want to
do?

The only other issue is that the only 'servers' I have on my system
(apart from my desktop machine) are Pis, however I see no reason for
not using one of them.


Hi Chris,

I am sure there are some good guides out there for learning docker.  I just learned by just picking a project that I wanted to try and set out to get it running.  You could always run your primary on a pi and your backup on another platform without any issues using my example below.


I would think running dnsmasq would be about as simple of a docker as you can get.   Here are a couple of examples that you should be able to use:

https://github.com/jpillora/docker-dnsmasq

https://hub.docker.com/r/strm/dnsmasq/


Personally, I like to use docker-compose, because it allows you to spin up the same arguments each time without remembering them.

As I mentioned, I am not using just dnsmasq, but rather pihole built on top of dnsmasq, but my docker-compose file looks like this below.   You should be able to adapt the arguments for just dnsmasq pretty easily.


  pihole-main:
    container_name: pihole-main
    restart: unless-stopped
    image: pihole/pihole
    hostname: pihole-main
    domainname: $DOMAINNAME
    mac_address: 02:42:c0:a8:65:02
    environment:
      - TZ=${TZ}
      - "WEBPASSWORD=fakepassword"
      - "TEMPERATUREUNIT=f"
      - DNSMASQ_USER=${DNSMASQ_USER}
      - PUID=${PUID}
      - PGID=${PGID}

      # Internal IP of the cloudflared container
      - "DNS1=8.8.8.8"

      # Explicitly disable a second DNS server, otherwise Pi-hole uses Google
      - "DNS2=no"

      # Listen on all interfaces and permit all origins
      # This allows Pihole to work in this setup and when answering across VLANS,
      # but do not expose pi-hole to the internet!
      - "DNSMASQ_LISTENING=all"

    dns:
#      - 127.0.0.1
      - 8.8.8.8

    # Persist data and custom configuration to the host's storage
    volumes:
      - ${VOLUME}/pihole-main/config:/etc/pihole/
      - ${VOLUME}/pihole-main/dnsmasq:/etc/dnsmasq.d/
      - ${VOLUME}/pihole-main/misc:/var/lib/misc/
      - ${VOLUME}/pihole-main/home:/home/

    cap_add:
      - NET_ADMIN
      - CAP_SYS_NICE

    # 1. Join the public network so it's reachable by systems on our LAN
    networks:
      lan:
        ipv4_address: 192.168.101.2


With this configuration, the IP of the container is always 192.168.101.2.   The server it is running on though has a different IP - something in the 192.168.101 range.    This way, if I bring this container up on the backup machine, it can come up on the same IP and MAC address and the clients never know it moved.


Bringing it up is just as simple as docker-compose up -d on the backup machine.

Then with this config, I just rsync the ${VOLUME}/pihole-main directory to the backup machine and it is ready if needed.


Michael
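
The sync-and-swap routine described in the message above, written out as a small script. This is an added example, not part of the original message; the standby host name, the paths, the compose file location and the ping liveness check (Linux iputils ping) are assumptions.

```shell
#!/bin/sh
# Added example: hourly sync plus a guarded manual failover for the
# pihole-main container. Every default below is an assumed placeholder.
SERVICE_IP="${SERVICE_IP:-192.168.101.2}"        # container address from the compose file
DATA_DIR="${DATA_DIR:-/srv/docker/pihole-main}"  # assumed value of ${VOLUME}/pihole-main
BACKUP_HOST="${BACKUP_HOST:-desktop.example}"    # hypothetical standby machine
COMPOSE_FILE="${COMPOSE_FILE:-/srv/docker/docker-compose.yml}"  # assumed path
COMPOSE="${COMPOSE:-docker-compose}"

# Hourly job on the primary: mirror config, leases and hosts data to the standby.
sync_to_backup() {
    rsync -a --delete "$DATA_DIR/" "$BACKUP_HOST:$DATA_DIR/"
}

# Returns 0 if something still answers on the service IP.
service_ip_in_use() {
    ping -c 2 -W 1 "$SERVICE_IP" >/dev/null 2>&1
}

# On the standby: start the container only when the primary copy is down,
# so two containers never claim the same IP and MAC at the same time.
start_standby() {
    if service_ip_in_use; then
        echo "refusing to start: $SERVICE_IP still answers" >&2
        return 1
    fi
    $COMPOSE -f "$COMPOSE_FILE" up -d pihole-main
}

# On the standby, before the primary is started again.
stop_standby() {
    $COMPOSE -f "$COMPOSE_FILE" stop pihole-main
}

case "${1:-}" in
    sync)  sync_to_backup ;;
    start) start_standby ;;
    stop)  stop_standby ;;
esac
```

Run it with `sync` from cron on the primary, and with `start` or `stop` by hand on the standby.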











